Several Pentagon IT programs still lack a cyber strategy, watchdog finds
The programs, used daily by DOD employees, do not even comply with decade-old cybersecurity requirements, GAO concludes.
DAVID DIMOLFETTA | JULY 14, 2024
CYBER C4ISR PENTAGON CIVILIANS
The DOD’s information technology business arm still lacks cybersecurity strategies in several of its programs, according to a sweeping review of the government’s military and national security spending patterns released Thursday.
The programs that help support day-to-day software needs of Defense Department employees should get approved cyber strategies in place as soon as possible to best position them against cyberattacks and to reduce scheduling and performance costs, the U.S. Government Accountability Office said in its annual assessment of DOD’s IT spending.
GAO found in last year’s assessment that six of the DOD’s business IT programs did not have approved cyber strategies in place, and officials in March of this year acknowledged they are needed, GAO said. Draft strategies are still in the works and awaiting approval, according to Thursday’s oversight report.
The specific programs lacking the strategies are unnamed but are supposed to have plans that include cybersecurity and resilience requirements, as well as system documentation for security testing, according to previously released DOD IT system requirements dating back to 2014.
https://www.defenseone.com/policy/2024/07/several-dod-it-programs-still-dont-have-cyber-strategy-watchdog-finds/397995/
