Friday, July 23, 2021

DOD’s weapons programs do not have clear cybersecurity guidelines: GAO


The U.S. Defense Department struggles to outline cybersecurity requirements in contracts for weapon systems, though the agency made important strides to improve those platforms’ cyber protections, a congressional watchdog announced Thursday.

In a new report released on Thursday, the U.S. Government Accountability Office (GAO) said the Department of Defense fails to communicate clear cybersecurity guidelines to contractors tasked with building systems for its weapons programs.

A report on five major weapon platforms across the military services found better security measures than in 2018, when the Government Accountability Office’s last review said cybersecurity practices for the weapons were inadequate.

As part of its so-called congressional watchdog duties, the GAO found that Defense Department weapons programs are failing to consistently incorporate cybersecurity requirements into contract language.

Still, the GAO found security gaps in the acquisition process, with three of five programs reviewed lacking any cybersecurity requirements in their contract awards. The Air Force was the only service with broad guidance to define cybersecurity requirements and incorporate them in contracts.

The Defense Department has a vast network of sophisticated weapons systems that need to withstand cyberattacks in order to function when required. But the DOD also has a documented history of finding mission-critical security vulnerabilities within those programs due to what the GAO says is a lack of focus on weapon systems cybersecurity.

A GAO report from 2018 found that the DOD has historically focused its cybersecurity efforts on protecting networks and traditional IT systems. Since that report, the DOD has reportedly taken steps to make its network of high-tech weapon systems less vulnerable to cyberattacks.

“As we reported in 2018, DOD had not prioritized weapon systems cybersecurity until recently, and was still determining how best to address it during the acquisition process,” the report stated. “The department had historically focused its cybersecurity efforts on protecting networks and traditional IT systems, but not weapon systems, and key acquisition and requirements policies did not focus on cybersecurity. As a result, DOD likely designed and built many systems without adequate cybersecurity.” 

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

