Watchdog: DOD needs to improve cybersecurity


According to a new summary of 21 different unclassified audits and reports, the Department of Defense has deficiencies in seven of eight critical cybersecurity metrics.

The cybersecurity summary by the DOD Office of Inspector General, dated Dec. 13, states that despite past warnings, the DOD continues to fall short in meeting Federal Information Security Modernization Act cybersecurity requirements.

The DOD OIG report is a digest of reports issued between Aug. 1, 2015 and Jul. 31, 2016. The DOD audit community and the General Accountability Office provided 61 different recommendations related to the FY 2016 IG FISMA metrics during that period.

Areas of recurrent weakness include identity management, access management, privacy training and configuration management.

"As recent audit reports identify, the DOD continues to face challenges in protecting and securing its networks, systems and infrastructure from cyber threats and increasing its overall cyber capabilities," reads the report. "One of the most important challenges is the continuous effort to protect the DOD's systems and networks from increasingly sophisticated cyber-attacks."

Specific examples cited include failing to require performance of software assurance countermeasures during weapons systems acquisition, improperly implementing project management resource tools and failing to review account access.

The report states that in addition to the 61 recommendations made during the reporting period, there were 166 unresolved cybersecurity recommendations as of Aug. 1, 2015, of which 28 were corrected during the following year.

The report states that a previous audit found DOD components are still not in full compliance with Homeland Security Presidential Directive 12, released in 2004, that outlines identification standards for federal employees and contractors.

"The report identified the lack of compliance leaves national security and Privacy Act information vulnerable to compromise and places soldiers, family members, civilians, and critical infrastructures at greater risk of an adverse incident occurring," OIG said.

"The DOD audit community and the GAO attributed their findings to the lack of clear guidance and noncompliance with Federal and DOD guidance and identified recommended actions to correct the cybersecurity weaknesses and improve DOD cybersecurity," the report states.

The report cautions that as the DOD increases its reliance on cyberspace "to enable its military, intelligence and business operations to perform the full spectrum of military operations," it's all the more critical for the department to address the cybersecurity weaknesses outlined in the report.

The report states that as it is a summary of previously issued audits, the OIG did not submit a draft to the DOD for comments.

The DOD did not respond to FCW's request for comments, and the OIG did not respond to FCW's query on whether the DOD had implemented any of the outstanding recommendations since the end of the reporting period on July 31.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


  • Congress
    U.S. Capitol (Photo by M DOGAN / Shutterstock)

    Funding bill clears Congress, heads for president's desk

    The $1.3 trillion spending package passed the House of Representatives on March 22 and the Senate in the early hours of March 23. President Trump is expected to sign the bill, securing government funding for the remainder of fiscal year 2018.

  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.