Comment

Comment on Counterfeit Cisco gear ended up in US military bases, used in combat operations

possiblylinux127@lemmy.zip ⁨6⁩ ⁨months⁩ ago

That’s… Bad. Like really bad.

Why is this allowed by the DoD?

source

Sort:hotnew top

randombullet@programming.dev ⁨6⁩ ⁨months⁩ ago
Because the DoD isn’t as organized as many perceive. Source: me

source
- BaroqueInMind@lemmy.one ⁨6⁩ ⁨months⁩ ago
  How are you your own source? Doesn’t make sense.
  
  source
  - randombullet@programming.dev ⁨6⁩ ⁨months⁩ ago
    I’m a network engineer in the DoD lol
    
    source
    nrezcm@lemmy.world ⁨6⁩ ⁨months⁩ ago
    Sources on this?
    
    source
    -> View More Comments
CyberDine@lemmy.world ⁨6⁩ ⁨months⁩ ago
The DoD will soon be requiring itself and Contractors to start following Rev 5 of the NIST SP 800-53 Risk Management Framework. In this revision are more robust controls for Supply-side security, which the DoD has been trying to incorporate for over 10 years.

Americans should know that the military and DOD and it’s contractors do their best to purchase authentic hardware from reputable vendors, but there are exceptions and alternate procurement allowances if the need is great and the standard more secure lines are unavailable or simply on back order.

It’s usually then that some of the fake hardware makes it into use

source
- naticus@lemmy.world ⁨6⁩ ⁨months⁩ ago
  800-53 Rev 5 is such a pain in the ass to implement fully but holy shit is it much needed. Bad actors out there everywhere and if followed to the letter, those controls will save you almost every step of the way. “Almost” because there will always be a new method to infiltrate an organization or agency, but the damage control built into these controls should lessen the impact regardless.
  
  source
henfredemars@infosec.pub ⁨6⁩ ⁨months⁩ ago
It’s big and complicated. Keeping track of where supplies are coming from is a difficult task. You can’t police every employee at all times let alone every purchase.

source
- possiblylinux127@lemmy.zip ⁨6⁩ ⁨months⁩ ago
  You can at least avoid Amazon
  
  source
  - Notyou@sopuli.xyz ⁨6⁩ ⁨months⁩ ago
    Haha. This is a good one. They used to (maybe still) not allow 3rd party sellers like eBay, but Amazon has been used for a long time. I’m not sure why one was okay but not they other. Anyway, they would take a big operational hit, if they couldn’t use Amazon.
    
    Say a system goes down during a critical time, either training or a real mission. They need a part that they could order overnight and have it up by morning or maybe sooner if it’s on that Amazon now thing. Or they could wait and try to source it out. Hope you can contact them, depending on the time. A lot of places that make equipment for the government have business hours. Depending on contracts and everything there would be a lot to get into, but the point is buying for Amazon is sometimes the best place to get the item from in a quick manner.
    
    source
    possiblylinux127@lemmy.zip ⁨6⁩ ⁨months⁩ ago
    Ands that’s why you have backups and spares.
    
    source
    -> View More Comments
catloaf@lemm.ee ⁨6⁩ ⁨months⁩ ago
It’s not.

source