Alyza Sebenius (Bloomberg) -- A government watchdog warned that the U.S. Defense Department has failed to adequately protect its computer and information systems from “common and pervasive” cybersecurity threats, while the Pentagon on the same day announced a significant increase in its capacity for remote work during the coronavirus pandemic.
Cybersecurity initiatives at the Defense Department are “incomplete -- or their status is unknown because no one is in charge or reporting on progress,” the Government Accountability Office said Monday in a summary of a report to Congress called “DOD Needs to Take Decisive Actions to Improve Cyber Hygiene.”
The report was released as the Pentagon said it has provided new equipment and network capacity in recent weeks to let hundreds of thousands of troops and civilian personnel work off-site amid the Covid-19 crisis. Remote work often creates new vulnerabilities and weakens cybersecurity, making it easier for hackers to gain access to organizations, according to experts.
While the Pentagon has a list of practices to deter hacking tactics used “frequently” by U.S. adversaries, it “doesn’t know the extent to which it’s using these practices,” the GAO said.
“The risks to IT systems supporting DOD are increasing as cybersecurity threats continue to evolve and become more sophisticated,” the watchdog agency said. “In particular, some foreign nations -- where adversaries may possess sophisticated levels of expertise and significant resources to pursue their objectives -- pose a significant threat.”
The GAO made seven recommendations for improvement to the Pentagon. In its response, the department concurred with one, partially concurred with four and rejected two of the recommendations, according to the report. A Pentagon spokesman couldn’t immediately be reached for comment.