The Pentagon resorted to an unusual strategy to check for vulnerabilities in its networks, ceding some power in favor of a major internet supplier.
As part of an apparent effort to find loopholes in its network, the Pentagon has given a small company in Florida control of about 175 million of its IP addresses, according to the report. mentioned The Washington Post.
IP addresses are still owned by the Department of Defense, but Global Resource Systems began managing those addresses on January 20, and that number grew rapidly over the next three months.
Global Resource Systems was founded in September, according to the Washington Post, which was unable to find any other federal contracts for the company or any website directed at the public.
The initiative appears to be run by a group within the Pentagon called the Defense Digital Service, which solves problems and conducts technological trials for the military, and reports directly to the secretary of defense.
“This move was part of a trial effort to identify potential vulnerabilities and prevent unauthorized use of the Department of Defense’s IP addresses,” Brett Goldstein, director of the Pentagon’s Digital Defense Service, told the newspaper.
It is not known exactly what Global Resource Systems was commissioned to do for the Department of Defense, but the newspaper found that it sent very large amounts of Internet traffic through the IP addresses of the Department of Defense.
One security expert speculated that this experimental effort might give the Defense Department information about how attackers operate over the Internet, and any potential error settings that need to be fixed.
“This flow of data directed to the Department of Defense’s Internet Protocol addresses can help the military collect information about threats,” he added.
And when some Chinese companies use similar IP address numbering systems for their internal networks, there is a possibility that some of their data will be routed to the United States.
The military may use the information provided from the experiment to prevent hostile governments or cyber criminals from hijacking idle IP addresses, and this ensures that the United States can manage IP addresses so that they can use them if they so desire.
Although this step is strange, it could be significant in light of SolarWinds penetration and other threats to government systems.