Saturday, October 16, 2021

DOD’s weapons programs do not have clear cybersecurity guidelines: GAO

The U.S. Defense Department struggles to outline cybersecurity requirements in contracts for weapon systems, though the agency made important strides to improve those platforms’ cyber protections, a congressional watchdog announced Thursday.

In a new report released on Thursday, the U.S. Government Accountability Office (GAO) said the Department of Defense fails to communicate clear cybersecurity guidelines to contractors tasked with building systems for its weapons programs.

A report on five major weapon platforms across the military services found better security measures than in 2018, when the Government Accountability Office’s last review said cybersecurity practices for the weapons were inadequate.

As part of its so-called congressional watchdog duties, the GAO found that Defense Department weapons programs are failing to consistently incorporate cybersecurity requirements into contract language.

Still, the GAO found security gaps in the acquisition process, with three of five programs reviewed lacking any cybersecurity requirements in their contract awards. The Air Force was the only service with broad guidance to define cybersecurity requirements and incorporate them in contracts.

The Defense Department has a vast network of sophisticated weapons systems that need to withstand cyberattacks in order to function when required. But the DOD also has a documented history of finding mission-critical security vulnerabilities within those programs due to what the GAO says is a lack of focus on weapon systems cybersecurity.

A GAO report from 2018 found that the DOD has historically focused its cybersecurity efforts on protecting networks and traditional IT systems. Since that report, the DOD has reportedly taken steps to make its network of high-tech weapon systems less vulnerable to cyberattacks.

“As we reported in 2018, DOD had not prioritized weapon systems cybersecurity until recently, and was still determining how best to address it during the acquisition process,” the report stated. “The department had historically focused its cybersecurity efforts on protecting networks and traditional IT systems, but not weapon systems, and key acquisition and requirements policies did not focus on cybersecurity. As a result, DOD likely designed and built many systems without adequate cybersecurity.” 

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
