Cybersecurity Flaws In Defense Industry

The Government Accountability Office has published a lengthy report detailing cybersecurity deficiencies in the Dept. Of Defense, and in private companies involved in U.S. military operations. According to the report, the DOD hasn’t fully implemented its processes for managing cyber incidents; doesn’t have complete data on cyber incidents that staff report; doesn’t document whether it notifies individuals whose personal data is compromised in a cyber incident. The so-called “defense industrial base” (DIB) which includes suppliers in all industries, experiences cyberattacks regularly, but DOD hasn’t decided whether those incidents should be shared with all relevant stakeholders. DOD guidance states that cyber incidents must be coordinated among and across DOD organizations and outside sources, such as DIB partners. Until DOD examines whether this information should be shared with all relevant parties, there could be lost opportunities to identify system threats and improve system weaknesses. The GAO report has recommendations to address these issues.