The Pentagon has failed to put in place policies to track attempted cyberattacks by Russia, China, Iran, and other malicious hackers leaving the U.S. government with incomplete information on the more than 12,000 attempted hacks from enemies since 2015, according to findings by a federal watchdog.
Hackers have attempted to penetrate computer systems belonging to the Defense Department with more than 1,500 cyberattacks per year, according to data from 2015 to 2021 published by the Government Accountability Office (GAO), a federal investigatory group that recently determined the Pentagon is often not properly logging these attacks or reporting them to leadership. China, Iran, and Russia conducted many of the most high-profile attacks.
“DOD’s system for reporting all incidents often contained incomplete information and DOD could not always demonstrate that they had notified appropriate leadership of relevant critical incidents,” according to the GAO. “Until DOD assigns such responsibility, DOD does not have assurance that its leadership has an accurate picture of the department’s cybersecurity posture.” These failures are primarily due to the Defense Department’s failure to assign an organization the task of tracking these incidents, even though the agency itself and Congress have mandated officials do so.
Though the number of reported cyber incidents have dropped during the past several years—from 3,880 in 2015 to 948 in 2021—without the ability to fully detail and report these incidents, Pentagon leaders and those who have their personal information breached may not know an attack took place, according to the report. The failure to put safeguards in place serves as a boon to malicious cyber hackers, including foreign nations that are trying daily to penetrate these networks.