Defense

DOD is actually doing a good job in keeping some of its weapons secure

Each branch of the military and U.S. Special Operations Command demonstrated timely analysis and reaction to cyberthreats, which earned them a pat-on-the-back from the DOD IG.

By Jackson Barnett

February 17, 2021

A B-2 Spirit bomber deployed from Whiteman Air Force Base, Missouri, is parked on the flightline at Joint Base Pearl Harbor-Hickam, Hawaii, Jan. 10, 2019. B-2s were one of the systems recently audited by the IG. (U.S. Air Force photo by 2nd Lt. Allen Palmer)

The Department of Defense — which has struggled to secure its IT, especially in its supply chain — has met most of the cybersecurity best practices for keeping critical weapons systems secure, according to an inspector general report.

The report, published Friday, was conducted as a checkup on the cybersecurity of weapons later in their lifecycles. Each branch of the military and U.S. Special Operations Command demonstrated timely analysis and reaction to cyberthreats, which earned them a pat-on-the-back from the IG.

“We identified best practices employed by program officials that ensured that information gathered and analysis performed was sufficient to identify and mitigate potential malicious activity, cyber vulnerabilities, and threats; and assess the effectiveness of protection measures within the weapon system for data and cyber resiliency,” the report stated.

The report looked specifically at the operations and support phase of the acquisition lifecycle, which is the last phase in which weapons are used and sustained through repairs and updates. Operations and support lasts for years, making it a ripe time for damaging cyberattacks as systems age and are in use. Leaders have warned that weapons systems remain vulnerable and must be constantly monitored since even slight variations in control could undermine trust and accuracy of their deployment.

The report dove into five systems, including the B-2 Spirit Bomber and guided missiles used by the Navy. The many other weapons systems not inspected in this report should learn from the best practices implemented on the five systems the IG audited, the report noted.

“We did not identify any internal control weaknesses related to developing and updating cybersecurity requirements based on risk for the programs we assessed,” it said.

One of the critical best practices was the timely sharing of information, a difficult function for siloed government agencies. By sharing new cyberthreats between offices for different systems, patches and risk reduction could more quickly be deployed. The IG pointed to working groups that different agencies and program offices made in order to boost collaboration on threat assessment and risk mitigation as a best practice others should adopts.

“Program officials for all weapon systems should consider the best practices described in this report when developing plans and procedures for reducing cybersecurity risks within their programs,” the report stated.

DOD is actually doing a good job in keeping some of its weapons secure

More Like This

MPEs gain momentum for sharing information with allied partners

State Department officials say they’re trying to set the tone globally on AI usage, as lawmakers question if it’s enough

ACLU seeks AI records from NSA, Defense Department in new lawsuit

Top Stories

IRS touts Direct File usage, while mulling the future of the program

DHS launches safety and security board focused on AI and critical infrastructure

GSA welcomes nominations for advisory committee focused on federal transparency efforts

Security flaws in IRS systems pose risk to financial statements, GAO says

DOJ seeks public input on AI use in criminal justice system

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

DHS picks OMB official to lead its new AI Corps

More Scoops

New TMF investments support NASA, DOL modernization and cybersecurity efforts

On some basic metadata practices, US government gets an ‘F,’ per new online tracker

CISA issues updated cloud security resources for federal agencies

Nuclear security agency still in early stages of weapons cybersecurity, watchdog says

NASA lack of standardized AI definition creates AI and cyber risks, watchdog finds

New rule could impose CMMC-like cyber requirements for civilian agency contractors

Energy Department watchdog finds agency cloud IT systems lacked appropriate authorizations

Latest Podcasts

DOD is actually doing a good job in keeping some of its weapons secure

CISA is building an automated ransomware warning program

GSA’s Login.gov platform gets a new director

DOD’s Ashley Elizabeth Evans on effectively implementing AI

Tech

Defense

Cyber

Acquisition