Remediating Third-Party Software Vulnerabilities on U.S. Army Information Systems

Download
Author
Sabovich, Jason R.
Borst, James A.
Date
2012-06Advisor
Buettner, Raymond R.
Second Reader
Barreto, Albert
Cook, Glenn R.
Metadata
Show full item recordAbstract
Information systems belonging to the DoD and U.S. Army experience cyber attacks on a daily basis. Increasingly, these attacks are targeting popular third-party applications, instead of focusing on vulnerabilities in Microsoft software. The DoD responded to this threat by adopting Citadel Hercules, which did not find a willing audience with the U.S. Army. Instead, the Army adopted Microsoft Systems Management Server (SMS), followed by System Center Configuration Manager (SCCM) 2007 to meet this threat. After more than five years, the rollout of SCCM to all organizations within the U.S. Army is still incomplete. This study provides an overview of the threats facing U.S. Army information systems and looks at how the Army has addressed this challenge in the past. Next, the study takes a system engineering approach to identifying an optimal tool for mitigating third-party vulnerabilities and suggests potential alternatives to SCCM. In addition, the study utilizes a cost benefit analysis approach to aid in evaluating the potential Return on Investment (ROI) provided by each tool. The purpose of this study is to answer the question What is the most optimal solution for mitigating vulnerabilities in third-party applications on U.S. Army information systems
Related items
Showing items related by title, author, creator and subject.
-
DEVELOPMENT TIME OF ZERO-DAY CYBER EXPLOITS IN SUPPORT OF OFFENSIVE CYBER OPERATIONS
Bompos, Konstantinos (Monterey, CA; Naval Postgraduate School, 2020-09);Zero-day vulnerabilities are those that have not previously been identified and thus are in their zeroth day of existence. These vulnerabilities are the most potentially damaging from a cyber defense perspective because ... -
Uncovering Cascading Vulnerabilities in Model-Centric Acquisition Programs and Enterprises
Rhodes, Donna H.; Reid, Jack (Monterey, California. Naval Postgraduate School, 2019-04-30); SYM-AM-19-055Digital engineering changes how systems are acquired and developed through the use of model-centric practices and toolsets. Enterprises face new challenges in this transformation, including potential for emergent vulnerabilities ... -
The Enemy’s Access Denial System: Potential Competitor Exploitation of U. S. Military Vulnerabilities.
Harney, Robert C. (Monterey, California: Institute for Joint Warfare Analysis, Naval Postgraduate School, 2000-12); NPS-JW-01-014As part of an experimental approach to “red teaming” that is studying the problem of enemy access denial systems, the author performed a detailed investigation of the vulnerabilities of the U. S. military’s power projection ...