GovInfoSecurity.com reported that “The U.S. Department of Defense still hasn’t addressed a series of critical cybersecurity gaps in its information technology business programs – two years after a government watchdog agency first urged the department to develop security strategies for each program.” The July 15, 2024 article entitled ” DOD Failing to Fix Critical Cybersecurity Gaps, Report Says” (https://tinyurl.com/2ww5akpb) included these comments:

DOD officials told the Government Accountability Office in June 2022 that they were addressing IT programs across the department that lacked cybersecurity strategies. But a new GAO report indicates that the DOD still hasn’t adopted an approved cybersecurity strategy for several of the department’s major IT business programs.

The GAO’s annual assessment of the Pentagon’s IT systems published Thursday says additional cybersecurity and reporting gaps exist across the department, including failures to track progress in software development and inadequate metrics for customer satisfaction. Program officials told the GAO they face significant challenges in establishing enhanced software development and cybersecurity processes, from leadership and staff turnover to unclear requirements and insufficient resources.

This is very concerning, what do you think?

First published at https://www.vogelitlaw.com/blog/apparently-dod-is-not-fixing-critical-cybersecurity-gaps