During multiple military cybersecurity assessments last year of both simulated and real-world missions — three of which involved units deployed to U.S. Central Command’s area of operations, which includes the Middle East and Afghanistan — personnel leaked the positions and activities of allies to adversaries, Defense Department officials told Congress this week.
The incidents were disclosed as part of an annual report by J. Michael Gilmore, director of operational test and evaluation for Defense. The report assesses the operational effectiveness of systems being developed for combat.
This example and other lapses in information security indicate Defense “has not yet developed sufficiently advanced cyber defensive tactics to counter advanced adversary tactics,” he said.
The report covered system assessments between October 2011 and October 2012. During the year, red teams consisting of service members posing as adversaries regularly succeeded in penetrating and exploiting networks.*
Red teams and the the red teams mindset were applied here.