DOD IG cancels audit of military's efforts to address cyber vulnerabilities in weapon programs

By Justin Doubleday / October 22, 2020 at 12:18 PM

The Defense Department inspector general has terminated an audit of what DOD did to address cybersecurity vulnerabilities identified during the testing and evaluation of acquisition programs, citing the effects of COVID-19.

The objective of the canceled audit was to "determine whether DOD Components took action to accept, mitigate, or remediate cybersecurity vulnerabilities identified during cybersecurity test and evaluations of DOD acquisition programs," Carol Gorman, assistant inspector general for the cyberspace operations, wrote in an Oct. 16 memo.

"We are terminating this classified audit because the coronavirus disease-2019 pandemic

impacted the operational environment and the team's ability to effectively complete the audit," Gorman continued. "We appreciate the courtesies extended to the staff during the audit."

The audit was likely to shed more light on how DOD is addressing cybersecurity vulnerabilities in its major weapons programs after a 2018 Government Accountability Office report found the department may have developed "an entire generation" of weapon systems without adequate cyber protections.

Between 2012 and 2017, DOD weapons testers found vulnerabilities "in nearly all weapon systems that were under development," according to GAO. The report declined to name specific programs and weapon systems due to security concerns.

"Using relatively simple tools and techniques, testers were able to take control of these systems and largely operate undetected," the GAO report revealed. "In some cases, system operators were unable to effectively respond to the hacks."

In its annual report on DOD's acquisition programs released this year, GAO found many programs still neglect cybersecurity, leading to increased costs and schedule delays.