The Pentagon has given a company control of 175 million IP addresses |
The Pentagon took an unusual strategy to find vulnerabilities in its network and devolve some power over major Internet resources.
According to the Washington Post, the Pentagon scanned nearly 175 million IP addresses of a small company in Florida to expose vulnerabilities on its network.
The IP addresses are still the property of the Department of Defense, but Global Resource Systems began managing those addresses January 20, and the addresses grew rapidly over the next three months.
Global Resource Systems was founded in September and has not found any other federal contracts or public company websites, according to the Washington Post report.
The plan appears to be the responsibility of a team called the Pentagon's Digital Defense Services, which fixes errors, conducts technical tests for the military and reports directly to the Secretary of Defense.
"This is an experiment to identify potential vulnerabilities and prevent unauthorized use of the DoD's IP address," said Brett Goldstein, director of the Pentagon's Digital Defense Services Department.
It is not clear if the Department of Global Resources Systems is in charge of the DoD mission, but the newspaper indicated that it sends a large portion of the Internet traffic through the DoD's IP address.
A security expert speculated that this test work could provide the Department of Defense with information about how attackers operate on the Internet and which settings should be corrected.
He added, "The data circulating in the Ministry of Defense's Internet Protocol address can assist the army in collecting information about threats."
If the internal networks of some Chinese companies use a similar IP address numbering scheme, some of their data might be routed to the United States.
The military can use the information provided by the experience to prevent hostile governments or cyber criminals from hijacking inactive IP addresses. This ensures that the United States can manage IP addresses so that they can be used when needed.
Although odd, this step could be significant given SolarWinds intrusion and other threats to government systems.