DOD Information Security: Serious Weaknesses Continue to Place Defense Operations at Risk.
Abstract
The Department of Defense (DOD) relies on a vast and complex information infrastructure to support critical operations such as designing weapons, identifying and tracking enemy targets, paying soldiers, mobilizing reservists, and managing supplies. Indeed, its warfighting capability depends upon computer-based telecommunications networks and information systems. In recent years, numerous internal and external evaluations have identified weaknesses in information security that could seriously jeopardize DOD's operations and compromise the confidentiality, integrity or availability of sensitive information. This report summarizes the results of our latest review of information security at DOD. In May 1996, we reported that external attacks on DOD computer systems were a serious and growing threat According to DOD officials, attackers had stolen, modified, and destroyed both data and software. They had installed "back doors" that circumvented normal system protection and allowed attackers unauthorized future access. They had shut down and crashed entire systems and networks. In September 1996, we issued a report, based on detailed analyses and testing of general computer controls, that identified pervasive vulnerabilities in DOD information systems. We had found that authorized users could also exploit the same vulnerabilities that made external attacks possible to commit fraud or other improper or malicious acts. In fact,
Document Details
- Document Type
- Technical Report
- Publication Date
- Aug 01, 1999
- Accession Number
- ADA367257
Entities
Organizations
- United States Government Accountability Office