Cyber red teams are still able to gain the upper hand in major training exercises, and combatant command missions “remain at risk when subjected to cyber-attacks emulating an advanced nation-state adversary” , according to a Department of Defense report.

The Office of the Director, Operational Test and Evaluation FY 2016 Annual Report says that some DOD programs and networks have made significant improvements against cyber attacks and threats in recent years….

However, the report’s praise is short-lived. It goes on to say:

“DOD personnel too often treat network defense as an administrative function, not a war fighting capability. Until this paradigm changes, and the change is reflected in the Department’s approach to cybersecurity personnel, resource allocation, training, accountability, and program and network management, the Department will continue to struggle to adequately defend its systems and networks from advanced cyberattacks.”

The report states that red teams emulating even moderate-level adversaries are able to penetrate DOD networks and move around undetected for “extended periods of time….”

In addition to the need for more red teams, DOT&E says the DOD needs more cyber training ranges with greater capabilities to emulate real-world cyberthreats….

The report recommends that commands and services “reduce restrictions that prevent testing and training against realistic cyber threats, and perform ‘fight-through’ events to demonstrate that their critical missions are resilient in contested cyber environments.”

It also recommends upgrading red teams and testing environments to allow red teams to “portray relevant and representative adversaries, including advanced nation-state threats.”

The report further recommends that DOD focus not just on hardening its systems, but to “assume breach” and increase resilience to contain adversaries that do penetrate systems.

Image: US Army Cyber Operations Center, Fort Gordon, GA, May 19, 2015 (photo: Michael L. Lewis)