The Defense Department certainly wasn’t immune from the recent global-scale cyber vulnerabilities involving SolarWinds and Microsoft Exchange software. But after months of scouring their own networks for signs of compromise, Defense officials say they’ve found no evidence that adversaries managed to use the security flaws to steal data or do anything else malicious.

![microsoft solarwinds](https://i.gadgets360cdn.com/large/microsoft_glass_window_reuters_small_1608266499371.jpg)

Testifying Wednesday before the Senate Armed Services Committee, David McKeown, DoD’s chief information security officer, shed new light on DoD’s potential exposure to the SolarWinds hack. He said the department had been running 1,500 instances of the company’s Orion software. Of those, 560 were running a version that included a backdoor inserted by hackers suspected to be working for the Russian government.

But McKeown said none of the department’s sensors have shown any indication that the backdoor was ever utilized before the vulnerability was discovered and the potential entry point was closed. “In a few instances we sent out hunt teams to do a more thorough examination to make sure. And to date, no compromise,” he said.

DoD thinks the same is true of a separate set of vulnerabilities on Microsoft’s Exchange Server platform. Although the military is almost exclusively reliant on Exchange for its email services, McKeown said there’s no evidence that those vulnerabilities were ever successfully used by would-be intruders on DoD networks.

“We quickly enumerated those servers, focusing on those servers that were public facing. There were very few that were, but we quickly patched those and found no indicators of compromise,” he said, adding that the department is continuing to look for signs of intrusion via the so-called “Hafnium” hack.

“The operations associated with are still ongoing. We’re keeping that open, and we’ve been working with both vendors on the patches and deploying those,” McKeown said. “I think we’ve finished all of our work as far as hunting, going out there where we thought maybe compromise existed. If somebody in the community comes up with more indicators of compromise, as soon as we get those, we check it across the environment. So I would say it’s going to be ongoing for some time.”

If it turns out to be the case that DoD truly did dodge the potential implications of both of the serious cybersecurity vulnerabilities, it will be largely because of improvements the department has made in recent years to how it commands and controls its disparate IT networks, said Rob Joyce, the director of cybersecurity at the National Security Agency.

Although DoD’s visibility over its own networks still is far from perfect, it at least has the ability to order the military services and Defense agencies to fix cyber problems quickly via directives from U.S. Cyber Command and Joint Force Headquarters-DoD Information Networks (JFHQ-DoDIN).

“The consolidation of the capabilities to defend the DoDIN gave us a huge advantage in speed to be able to order the modification and protection changes necessary for any specific threat,” Joyce said. “It also gave a hierarchy to report back the state of activities.