Remediating Third-Party Software Vulnerabilities on U.S. Army Information Systems
Sabovich, Jason R.
Borst, James A.
Buettner, Raymond R.
MetadataShow full item record
Information systems belonging to the DoD and U.S. Army experience cyber attacks on a daily basis. Increasingly, these attacks are targeting popular third-party applications, instead of focusing on vulnerabilities in Microsoft software. The DoD responded to this threat by adopting Citadel Hercules, which did not find a willing audience with the U.S. Army. Instead, the Army adopted Microsoft Systems Management Server (SMS), followed by System Center Configuration Manager (SCCM) 2007 to meet this threat. After more than five years, the rollout of SCCM to all organizations within the U.S. Army is still incomplete. This study provides an overview of the threats facing U.S. Army information systems and looks at how the Army has addressed this challenge in the past. Next, the study takes a system engineering approach to identifying an optimal tool for mitigating third-party vulnerabilities and suggests potential alternatives to SCCM. In addition, the study utilizes a cost benefit analysis approach to aid in evaluating the potential Return on Investment (ROI) provided by each tool. The purpose of this study is to answer the question What is the most optimal solution for mitigating vulnerabilities in third-party applications on U.S. Army information systems
Showing items related by title, author, creator and subject.
The Enemy’s Access Denial System: Potential Competitor Exploitation of U. S. Military Vulnerabilities. Harney, Robert C. (Monterey, California: Institute for Joint Warfare Analysis, Naval Postgraduate School, 2000-12); NPS-JW-01-014As part of an experimental approach to “red teaming” that is studying the problem of enemy access denial systems, the author performed a detailed investigation of the vulnerabilities of the U. S. military’s power projection ...
Bensing, Richard G. (Monterey, California. Naval Postgraduate School, 2009-09);Growing asymmetric threats, such as international terrorism, have replaced the hostile nation-state as the adversary of choice. As embodied by the September 11 attacks, the United States now faces enemies that seek to ...
Nord, Robert L.; Ozkaya, Ipek; Shull, Forrest (Monterey, California. Naval Postgraduate School, 2017-03); SYM-AM-17-047Technical debt describes a universal software development phenomenon: ﾓQuick and easyﾔ design or implementation choices that linger in the system will cause ripple effects that make future changes more costly. Although DoD ...