In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Pentagon cybersecurity amid reports of misconfigured servers at the U.S. Department of Defense.
After a grueling 2016 for government breaches and hacks, new concerns have emerged about Pentagon cybersecurity following a report of vulnerable, misconfigured servers.
The U.S. Department of Defense last year announced the Hack the Pentagon bug bounty program, helmed by HackerOne, in an effort to improve the DOD's cyberdefenses. However, a report submitted to the bug bounty program by infosec consulting company Phobos Group claimed that several misconfigured servers were vulnerable to external attackers. While Phobos Group did not offer details about the specific vulnerabilities, the company did say the servers were out of scope for the Hack the Pentagon program, and the vulnerabilities have yet to be addressed by the DOD.
The report has raised questions about Pentagon cybersecurity deficiencies and the effectiveness of bug bounty programs that have limited scopes. Is Phobos Group's report cause for alarm? Why has the government reportedly been slow to respond to reports of vulnerable Pentagon servers? Should the government be more proactive about cybersecurity after all of the high-profile attacks in 2016?
In this episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and more on the topic of the Pentagon cybersecurity report. They also discuss the overall government security landscape under the Trump administration and debate what effect a potential cybersecurity executive order may have on the situation.