New report finds cybersecurity failures are causing Defense Department delays in purchasing new technology
Chris Liotta
June 19, 2024
Cybersecurity and personnel issues within the Pentagon are slowing the testing and deployment of new weapons, according to an annual review by a government watchdog of the Pentagon’s weapons systems procurement process.
A new GAO report finds that the Department of Defense has not consistently reported timelines for key cybersecurity evaluations.
The Department of Defense failed to consistently report schedules for major cybersecurity evaluations throughout the software development lifecycle and before planned transition dates, the Government Accountability Office said. In its annual report released Monday, the GAO said it had issued a limited report for 2023 that included recommendations for the Defense Department to more consistently conduct significant cybersecurity testing of new software products.
“Conducting these assessments early is critical to identifying and remediating vulnerabilities,” the report said. The annual review also found that DoD programs “struggle to hire and retain talent with sufficient software expertise.”
According to the report, the Department of Defense is still in the “early stages” of developing a workforce with sufficient software expertise. Most of the department’s software-intensive acquisition programs are struggling to find and hire staff with the necessary training and skills. At least 31 of DoD’s 53 software-intensive acquisition programs reported software workforce challenges, ranging from hiring staff on time to perform planned work to retaining staff for software development.
GAO reported that more DoD programs are using modern software development approaches in 2021 and beyond, but said many DoD departments “continue to lag in implementing leading practices” that can accelerate software development while ensuring security throughout the development lifecycle.
The report said the Pentagon plans to invest more than $2 trillion in the development and acquisition of its most expensive weapons programs, even as it “continues to struggle to rapidly deliver innovative technologies.”
“Weapons systems are becoming more complex and software-driven than ever before,” the report states. “While recent reforms have aimed to deliver faster results, slow, linear development approaches remain.”
The Department of Defense has taken steps to improve its overall cybersecurity posture and modernize its software procurement processes. It announced plans to achieve zero trust benchmarks by 2027 and released the National Defense Industrial Strategy earlier this year (see: Department of Defense Releases First National Defense Industrial Strategy).
Monday’s report is GAO’s 22nd annual review of the Defense Department’s weapons systems acquisition practices. The report focuses on 31 major defense acquisition programs and 20 of the department’s most prominent mid-size acquisition programs. The government watchdog called on the Defense Department to identify the resources and strategies it needs to achieve adequate cybersecurity measures in the software product development lifecycle.
The Defense Department agreed with all of the GAO’s recommendations in the report. The department did not immediately respond to a request for comment.