Key weapons programs need new cyber requirements, IG finds
- By Justin Katz
- Feb 17, 2021
The Defense Department inspector general praised five military weapons program offices that have successfully been updating cybersecurity requirements necessary to protect their systems against identified threats, according to a new report.
The Feb. 10 report, which does not explain what prompted the audit, examines the cybersecurity practices of one Army program, one from U.S. Special Operations Command, two Navy and two Air Force programs. All five programs are considered to be in the final stages of their acquisition lifecycle in which the technology has been proven and requires sustainment until it is retired.
The cybersecurity threat to the Pentagon's weapon systems is exacerbated by the age of its programs, which were designed years and even decades before modern cyber capabilities were developed.
The Air Force's B-2 Spirit Bomber, which was one of the programs the IG reviewed, was created and introduced into military service in the 1980s and 1990s. It has been in the final stage of its acquisition lifecycle -- operations and sustainment -- for 16 years.
"Because the O&S phase of the acquisition life cycle may last for years, DOD Components must continue to emphasize the protection of weapon systems by mitigating cyber threats throughout the O&S phase," the IG report said.
Government watchdogs in recent years have warned the military that its weapon systems face the same kinds of cybersecurity threats associated with internal business systems.
The Government Accountability Office in 2018 not only told the Pentagon about these threats but demonstrated them.
"Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications," GAO auditors stated in the report.
This article first appeared on FCW, a Defense Systems partner site.
Justin Katz is a former staff writer at FCW.