Remediating Third-Party Software Vulnerabilities on U.S. Army Information Systems
Sabovich, Jason R.
Borst, James A.
Buettner, Raymond R.
Cook, Glenn R.
MetadataShow full item record
Information systems belonging to the DoD and U.S. Army experience cyber attacks on a daily basis. Increasingly, these attacks are targeting popular third-party applications, instead of focusing on vulnerabilities in Microsoft software. The DoD responded to this threat by adopting Citadel Hercules, which did not find a willing audience with the U.S. Army. Instead, the Army adopted Microsoft Systems Management Server (SMS), followed by System Center Configuration Manager (SCCM) 2007 to meet this threat. After more than five years, the rollout of SCCM to all organizations within the U.S. Army is still incomplete. This study provides an overview of the threats facing U.S. Army information systems and looks at how the Army has addressed this challenge in the past. Next, the study takes a system engineering approach to identifying an optimal tool for mitigating third-party vulnerabilities and suggests potential alternatives to SCCM. In addition, the study utilizes a cost benefit analysis approach to aid in evaluating the potential Return on Investment (ROI) provided by each tool. The purpose of this study is to answer the question What is the most optimal solution for mitigating vulnerabilities in third-party applications on U.S. Army information systems
Showing items related by title, author, creator and subject.
Bompos, Konstantinos (Monterey, CA; Naval Postgraduate School, 2020-09);Zero-day vulnerabilities are those that have not previously been identified and thus are in their zeroth day of existence. These vulnerabilities are the most potentially damaging from a cyber defense perspective because ...
Rhodes, Donna H.; Reid, Jack (Monterey, California. Naval Postgraduate School, 2019-04-30); SYM-AM-19-055Digital engineering changes how systems are acquired and developed through the use of model-centric practices and toolsets. Enterprises face new challenges in this transformation, including potential for emergent vulnerabilities ...
The Enemy’s Access Denial System: Potential Competitor Exploitation of U. S. Military Vulnerabilities. Harney, Robert C. (Monterey, California: Institute for Joint Warfare Analysis, Naval Postgraduate School, 2000-12); NPS-JW-01-014As part of an experimental approach to “red teaming” that is studying the problem of enemy access denial systems, the author performed a detailed investigation of the vulnerabilities of the U. S. military’s power projection ...