The Teams Who Test US Cyber Defenses Aren’t Being Tough Enough: Pentagon Report

A lack of tough cyber operators to play the role of adversary is leaving U.S. cyber defenders unprepared for today’s real-world threats, according to the Pentagon’s Office of the Director of Operational Test  Evaluation.

The service branches have too few red teams, the groups of U.S. troops, employees, and contractors who play the bad guys and test Defense Department networks for cyber vulnerabilities.

“Currently Red Teams lack the time and funding to develop new tools and capabilities. The manning models for the Service Red Teams vary widely and are not uniformly successful,” said the FY 2018 Annual Report, which came out last week. “Reviews of the capabilities of several Red Teams in FY18 showed that the best teams were overscheduled and overwhelmed by workload.”

For example, the Army’s Threat Systems Management Office Red Team worked more than 200 evaluation events last year, leaving them insufficient time “to prepare the

... read more at: