The U.S. military is one of the world’s most powerful and technologically advanced forces. However, the institution also has its weaknesses, and its magnitude has made it a major target for cyberattacks. Read below to explore the current state of cybersecurity in the U.S. Armed Forces and how it could address vulnerabilities.
The State of the U.S. Military’s Cybersecurity
In 2021, the U.S. Department of the Army and the U.S. Defense Digital Services partnered with HackerOne to host Hack the Army 3.0. Inviting hackers into sensitive networks might seem unwise, but the event involved ethical hackers aiming to seek vulnerabilities in the entity’s infrastructure. These white-hat efforts uncover system weaknesses before malicious hackers and cybercriminals exploit them.
During the event, Hack the Army participants found 238 system vulnerabilities — 102 qualified as high-rated or critical and required immediate attention. They exposed coding mistakes or weak assets that the army’s regular compliance-based scanning overlooked. These efforts to troubleshoot and improve military cybersecurity systems are crucial.
In 2023, the U.S. Cyber Command introduced a new strategy. Instead of secrecy, it has decided to adopt a more proactive approach by becoming more open to coordinating with other government agencies, private companies and allied countries to strengthen its cyber defenses.
Strategies for Better Military Cybersecurity
The U.S. Armed Forces deal with highly confidential information that can often affect the lives and safety of populations worldwide. For this reason, it should pay attention to strengthening its cybersecurity defenses, which it can accomplish through the following methods.
Cybersecurity Training
Effective and comprehensive training is one of the most important components of strengthening military cybersecurity. Many hacks and security breaches have arisen due to individual soldiers’ data or devices, not just direct attacks on the institution. In 2024, nearly all data breaches came from human error, which included credential misuse, insider threats and user errors.
A business’s staff is its first line of defense against cyber attacks, and the same principle applies to the military. Training should be engaging, using real-life scenarios and hands-on methods to make it interesting, memorable, and practical for service members.
Expert Partnerships
While cybersecurity can be part of the military’s everyday operations, it’s not always its main focus. Working closely with agencies like the National Institute of Standards and Technology, the Cybersecurity and Infrastructure Security Agency (CISA), and private software companies can help the military refine its cybersecurity standards and policies.
These agencies and organizations can suggest the best tools, software and systems to protect military digital assets better. This partnership can be mutually beneficial, too — the U.S. Department of Defense routinely coordinates with CISA by providing intel on cyber threats.
Physical Security
Just as one would use anti-malware software, MFA or VPNs to protect digital assets, it’s also important to protect devices from unauthorized physical access. Many military-grade computers and laptops have Kensington lock slots. These work like bicycle locks but for electronics, allowing users to secure their equipment to their desks.
Kensington locks and other similar mechanisms slow down potential thieves, deterring them from stealing secured objects if they want a quick exit. Another way to secure military data physically is through electromagnetic interference enclosures that ensure critical equipment stays functional and protected from lightning or weaponized electromagnetic pulses.
Multi-Factor Authentication
Multi-factor authentication (MFA) is a standard cybersecurity practice where users must go through multiple steps to prove their identity to log in, such as passwords, face ID, fingerprints or a time-sensitive access code. While it has weaknesses, it can stop 30% to 50% of cyber attacks trying to gain unauthorized access to devices or accounts. This additional security counts when protecting military staff and assets from malicious parties.
Data Encryption
If military data reaches the wrong hands, the results could affect entire populations. Encryption is a security process where data is scrambled into a code so that only people with access to the key can read it. This extra layer of security ensures confidential data stays protected at all times, whether it’s in transit or storage. Even if someone steals a computer, flash drive or CD, they won’t be able to access the information if they don’t have the encryption key.
Building Cyber Resilience
As technology advances, so do the types and severity of attacks threatening government agencies and private citizens. The U.S. military’s defenses go beyond its armed forces — it must also secure its data, communications, and digital infrastructure through investing in the right tools, technology and extensive training over the long term.
As the Features Editor at ReHack, Zac Amos writes about cybersecurity, artificial intelligence, and other tech topics. He is a frequent contributor to Brilliance Security Magazine.
.
.
Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information. BSM is cited as one of Feedspot’s top 10 cybersecurity magazines.