US cyber defenders are unprepared against real-world threats due to understaffed and underfunded “Red Teams,” according to a 2018 annual report published last week by the US Department of Defense's (DoD) Office of the Director of Operational Test & Evaluation (DOT&E).
Red Teams are groups of US troops, employees and contractors who test Defense Department networks for cyber vulnerabilities by assuming adversarial roles.
“Currently Red Teams lack the time and funding to develop new tools and capabilities. The manning models for the Service Red Teams vary widely and are not uniformly successful,” the DOT&E wrote in its fiscal year 2018 Annual Report.
“Reviews of the capabilities of several Red Teams in FY18 showed that the best teams were overscheduled and overwhelmed by workload,” the report added. The findings are based on data from more than 50 cybersecurity assessments with Combatant Command (CCMD) and Services. A CCMD is composed of forces from at least two military departments.
According to the report, the Army's Threat Systems Management Office Red Team did not have sufficient time to “prepare the array of representative cyber-attacks attributed to the portrayed adversary,” resulting in what the DoD described as a “gap” between cyber Red Team capabilities and cyber threat groups.
“Assessments that do not include a fully representative threat portrayal may leave warfighters and network owners with a false sense…