The Defense Information Systems Agency conducts an assessment of DoD web browsing practices to determine the utility of bandwidths.
The US navy spends around $160 million to evade and protect itself from cyber-attacks.
The US Department of Defense has become a lucrative target for attackers due to the vast amount of trade and technological secrets it holds. With so much on stake, the US defense is always on its toes to avert such attacks.
According to the Navy Cyber Defense Operations Command, the Defense department averts around 36 million cyberattacks every year which are mostly in the form of malicious emails that are full of malware, viruses, and phishing schemes.
These emails are sent by hackers and foreign countries trying to gain advantage by gaining access to the vital information stored on military servers.
The Navy also highlighted the emerging threats that leverage network traffic and protocols to compromise networks.
“Over the last two decades, The Non-classified Internet Protocol (IP) Router Network (NIPRNET) has grown at speeds faster than can be monitored. Further, its rapid adoption of encrypted web traffic protocols enables network traffic to traverse multiple network boundaries without adequate levels of inspection and monitoring. Unfortunately, these advancements also create expansive ways for adversaries to deliver potentially malicious software and compromise the network,” the report quoted.
The response of the Department of Defense
- An annual assessment of Department of Defense web browsing practices takes place to determine the utility of bandwidth.
- The $160 million spent by Navy for protection from cyberattacks also includes the loss in manhours and network downtime.
- Around $70 million alone is spent towards the clean up of the negligent security practices on IT systems.
The new way to combat the threats
According to the report, the Navy has adopted a three-step approach to combat the threats, these are:
- Identify: First of all, the attack surface should be identified i.e. all web browsing communications, machine-machine communications should be identified to understand the threat landscape on them.
- Reduce: This means that the attack surface should be minimized by separation of mission-related activities from non-mission activities by whitelisting .mil and .gov websites. After that, NIPRET is used exclusively for mission activities.
- Transfer: The transfer of risk is also very important, it achieved by limiting user’s exposure to cyber attack-related risks by transferring the risk to a third party. Many providers offer a sandboxed version of the Internet which is only exclusive to defense-related activities.