Cyber security requirements delaying some defense IT and software projects for as long as five years

WASHINGTON – In the first of a series of annual reviews of major defense IT systems, the Government Accountability Office (GAO) examined 15 DOD IT programs and found 10 programs had schedule delays, including one 5-year delay. Eleven had decreased cost estimates as of December 2019, according to the audit, which was released last month. Defense One reports. Continue reading original article

The Military & Aerospace Electronics take:

14 Jan. 2021 -- U.S. Department of Defense (DOD) software development approaches are helping avoid cost increases and schedule delays for many major information technology systems, but uneven implementation of cyber security best practices may be introducing risk to these programs, according to the watchdog report.

While GAO didn’t make any specific recommendations in the audit, DOD in its comments said the audit “highlight[s] opportunities for continued improvement to acquiring IT capabilities.” The main challenge for DOD’s major IT systems is the agency’s mixed record on incorporating cyber security best practices.

While all 15 programs are using cyber security strategies, only eight conducted cyber security vulnerability assessments, which help determine whether security measures are strong enough. In addition, 11 of the 15 programs conducted operational cybersecurity testing, but only six conducted developmental cyber security testing.

Related: Military cyber security: threats and solutions

Related: Deploying commercial trusted computing for defense and aerospace applications at the speed of technology

Related: DARPA asks industry to develop built-in cyber security against computer hardware vulnerabilities

John Keller, chief editor
Military & Aerospace Electronics