Department of Defense OIG Releases Report on Cybersecurity

Last week, the Office of the Inspector General (OIG) at the Department of Defense (DOD) released a brief assessing the steps the department took to address cybersecurity concerns between July 2017 and June 2018. The report concludes that while the department has followed through on some important recommendations for improving cybersecurity, more must still be done to protect the country against cyber threats.

The OIG assessed the results of 20 unclassified and 4 classified cybersecurity reports by the DOD oversight community and the Government Accountability Office (GAO) between 2017 and 2018.

The National Institute of Standards and Technology (NIST) created the NIST Cybersecurity Framework in 2017 to better assess and handle cybersecurity risks. The framework is organized around five functions (identify, protect, deter, respond, and recover) to “provide a strategic view of the risk management lifecycle,” as the report explains.

Each of the five framework areas can be broken down into categories and subcategories, which outline levels of risk and risk response.

In analyzing the aforementioned reports, the OIG found that the DOD has implemented 19 of the 159 recommendations made during the year in question.

The implemented recommendations allow the DOD to address concerns related to asset management, identity management, and secure, continuous monitoring. However, according to the OIG report, significant lapses in security remain in “governance, information protection processes and procedures, access control, detection processes, and communications.”

The OIG found that a lack of proper governance has created a substantial backlog in implementing recommendations.

The report notes, “Without proper governance, the DOD cannot assure that it effectively identifies and manages cybersecurity risk as it continues to face a growing variety of cyber threats from adversaries such as offensive cyberspace operations used to disrupt, degrade, or destroy targeted information system. The DOD must ensure that cybersecurity risks are effectively managed to safeguard its reliance on cyberspace to support its operations and implement proper controls and processes where weaknesses are identified to improve cybersecurity for the DOD.”

The DOD currently needs to take action on 266 open cybersecurity-related recommendations (255 unclassified and 11 classified) dating as far back as 2008.

Copyright 2019