While October has been designated as Cybersecurity Month by President Obama, the Pentagon lags, implementing less than half of identified vulnerability “fixes.” DARPA defense director Arati Prabhakar says cybersecurity is still a matter of “patch and pray.”
According to a summary of an audit released by the inspector general’s (IG) office, only 93 of 229 cyber recommendations made during the year beginning August 1, 2014 and July 31, 2015 have been addressed.
In the span of one year, the Pentagon addressed fewer than half of the recommendations to shore up cyber vulnerabilities identified by its IG’s office.
The balance, 136 items, needed “management action,” according to the summary. During the span of time covered by the report, the Government Accounting Office (GAO) and Department of Defense (DoD) penned a total of 20 cybersecurity reports covering such topics as risk management weaknesses, identity and access management and contingency planning.
The DoD indicated last month that it wants to automate cyber defense, but are now at the stage of patching updates automatically.
DARPA, however, is working on collecting information and securing the Internet of Things, with a goal of making computing processors mathematically, provably secure. Although minimal information is available, the project involves analyzing emissions, the electromagnetic waves, from devices to detect computing activity. She also indicated that success will likely come from harnessing commercial technology and turning it into military capabilities.
In April, the Pentagon unveiled plans to open an office in California, announcing a $75 million investment in a consortium of universities and companies developing flexible and wearable electronics.
National Cybersecurity Awareness m onth is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising cybersecurity awareness and increasing the nation’s resilience in the event of a cyber incident. Seems a stretch, given the number of items, even the Pentagon has yet to work on.