New Report Says DOD Is Lagging in Procuring New Tech Amid Cybersecurity Failures
Cybersecurity and workforce challenges inside the Pentagon slow down the testing and deployment of new weapons, according to an annual government watchdog review of the U.S. Department of Defense’s weapon systems acquisition processes.
The Pentagon failed to consistently report scheduling critical cybersecurity assessments, according to a new GAO report.
DOD failed to consistently report scheduling key cybersecurity assessments throughout the software development life cycle and prior to planned transition dates, the Government Accountability Office said in its annual review published Monday. GAO said it published a restricted report in 2023 that included recommendations for the Pentagon to more consistently implement critical cybersecurity testing for new software products.
“Conducting such assessments early is critical to identifying and fixing vulnerabilities,” the report says. The annual review also found DOD programs “have struggled to hire and retain a workforce with sufficient software expertise.”
The DOD is still in the “early stages” of developing a workforce that has adequate software expertise, the report says. Most of its software-intensive acquisition programs struggle to find and hire staff with the necessary training and skills. At least 31 of the Pentagon’s 53 software-intensive acquisition programs reported software workforce challenges, from hiring staff in time to perform planned work to difficulties retaining staff for software development.
GAO said that more Pentagon programs have reported using modern software development approaches since 2021, but many DOD components “continued to lag in implementing key practices” that can accelerate software development while ensuring security throughout the development life cycle.
The department is planning to invest over $2 trillion to develop and acquire its most expensive weapon programs, the report says, even as it “continues to struggle with delivering innovative technologies quickly.”
“Weapon systems are more complex and driven by software than ever before,” the report said. “Recent reforms were intended to lead to faster results, but slow, linear development approaches persist.”
The DOD has taken some steps to improve its overall cybersecurity posture and modernize its software acquisition processes. It released a plan to achieve zero trust benchmarks by 2027, and it unveiled a national defense industrial strategy earlier this year (see: DOD Unveils First-Ever National Defense Industrial Strategy).
The Monday report is GAO’s 22nd annual review of the Defense Department’s weapon systems procurement practices. It focuses on 31 major defense acquisition programs and 20 of the department’s most prominent middle-tier acquisition programs. The government watchdog urged the DOD to identify resources and strategies required to achieve adequate cybersecurity measures in its software product development life cycles.
The DOD agreed with all of GAO’s recommendations included in the report. The agency did not immediately respond to a request for comment.