facebook linkedin twitter

Defense Supply Chain Management Systems Are Vulnerable, GAO Says

June 24, 2021 by Reece Nations
The Pentagon in Arlington county, Va. (Dreamstime/TNS)

WASHINGTON — The Government Accountability Office issued a report this week addressing cybersecurity vulnerabilities in the Department of Defense inventory management systems used to manage the national defense supply chain.

Risks in six inventory management systems run by the Defense Logistics Agency were reviewed in the report, along with what steps have already been taken to mitigate the potential danger. GAO has identified defense cybersecurity as a high-risk area since 1997.

“To carry out the agency’s missions and account for its resources, DLA relies on information systems to access and manage supply chain, inventory, and other logistics data,” GAO officials wrote in a letter to the House Committee on Armed Services. “As such, the security of these systems and data is vital to public confidence and the nation’s safety, prosperity, and well-being. However, cyber-based intrusions and attacks on both federal and nonfederal systems have become not only more numerous and diverse, but also more damaging and disruptive.”

GAO issued a series of five recommendations in the report, ranging from revising standard operating procedures to include system-specific monitoring strategies to ensuring the DLA director incorporates residual risk information in corrective action plans. 

Another recommendation directs the DLA director to update and institute an assessment plan approval process, ensuring a designated authorizing official reviews and approves system assessment plans before the system’s evaluation.

The office also wants the DLA director to revise and carry out the agency’s process for obtaining waivers that accept “identified ongoing risk,” including 338 pending corrective action plans still awaiting waivers. 

Another recommendation of the report dictates the DLA cybersecurity Office to design and produce a process for program offices to review the consistency and completeness of authorization documentation before submitting packages to the designated authorizing officials.

“We supplemented our analysis of documents and data by interviewing officials in DLA’s Cybersecurity Office and the system program offices about their efforts to assess, document, and review security controls for their respective systems,” the GAO report read. “We then made determinations about the extent to which each system’s program office had fully addressed, partially addressed, or not addressed all aspects of the required tasks for the risk management step based on the documents and data provided.”

Of the five recommendations in the report, DLA agreed with two and partially agreed with three. DLA issued partial concurrences with the recommendations and advised a revision of standard operating procedures, the instituting of the assessment plan approval process, and the creation of a process for reviewing authorization documentation.

DLA disagreed that there weren’t monitoring strategies determining the effectiveness of security controls and that there were “missed opportunities for risk-based decisions” regarding authorization issuances. It also did not agree that there is no process for reviewing authorization documentation before submitting requests for authorization.

GAO found the agency only fully addressed and remedied two of its six risk management steps for the inventory management systems: the categorization of systems and establishing an implementation approach. According to the report, the DLA partially addressed the selection of security controls, assessment of the controls, and system authorization and monitoring of security controls.

Until the DLA addresses all of the identified deficiencies, the agency’s control over cyber risks presented to critical systems will be “impeded and potentially pose risks to other DOD systems” should the DLA systems be compromised.

“This report does not address the extent to which DLA and the selected systems’ countermeasures are able to successfully prevent certain cyberattacks,” the report’s text continued. “Rather, it focuses on DLA’s efforts to manage the cybersecurity of these six systems through a risk management framework that is intended to help managers make informed decisions about cyber threats, and to prioritize mitigations and responses to threats in the most cost-effective manner.” 

In The News

Health

Voting

Defense

July 23, 2021
by Brock Blasdell
DOD to Perform First Review of Private Contracts In Over 30 Years

WASHINGTON - The Department of Defense is conducting its first fiscal research study in over 30 years to determine the... Read More

WASHINGTON - The Department of Defense is conducting its first fiscal research study in over 30 years to determine the efficiency and overall health of the military industry and its private contractors. The decision comes as part of a push by the DOD to utilize budgeted... Read More

July 6, 2021
by Dan McCue
Stress, Loneliness Top Issues for Military Spouses

Spouses of military reservists feel they are healthy and financially comfortable, but more of them complained of stress and loneliness... Read More

Spouses of military reservists feel they are healthy and financially comfortable, but more of them complained of stress and loneliness in a survey released Tuesday by the Department of Defense. The survey of Reserve Component Spouses is conducted every two years, and along with the Survey... Read More

June 30, 2021
by Dan McCue
Former Defense Secretary Donald Rumsfeld Dies at 88

Donald Rumsfeld, the former defense secretary who ran the Pentagon when the U.S. launched wars against Iraq and Afghanistan, has... Read More

Donald Rumsfeld, the former defense secretary who ran the Pentagon when the U.S. launched wars against Iraq and Afghanistan, has died at the age of 88, his family announced Wednesday. The cause was multiple myeloma, said Keith Urbahn, a spokesman for the family. "It is with... Read More

June 24, 2021
by Dan McCue
Blue Dogs Call for Increased Defense Funding, Prioritizing of National Defense

WASHINGTON - The Blue Dog Coalition of House Democrats is calling on its congressional colleagues to approve the Biden administration’s... Read More

WASHINGTON - The Blue Dog Coalition of House Democrats is calling on its congressional colleagues to approve the Biden administration’s $753 billion defense spending request for Fiscal Year 2022, saying the proposed $12.3 billion increase over last year will better enable the U.S. to counter the... Read More

June 24, 2021
by Reece Nations
Defense Supply Chain Management Systems Are Vulnerable, GAO Says

WASHINGTON — The Government Accountability Office issued a report this week addressing cybersecurity vulnerabilities in the Department of Defense inventory... Read More

WASHINGTON — The Government Accountability Office issued a report this week addressing cybersecurity vulnerabilities in the Department of Defense inventory management systems used to manage the national defense supply chain. Risks in six inventory management systems run by the Defense Logistics Agency were reviewed in the... Read More

June 22, 2021
by Dan McCue
DOD Advised to Provide Congress With More Info On PFAS Costs

WASHINGTON - Despite being in the early phases of an investigation into PFAS contamination at nearly 700 U.S. military installations,... Read More

WASHINGTON - Despite being in the early phases of an investigation into PFAS contamination at nearly 700 U.S. military installations, the Department of Defense says the future environment clean-up of these facilities will cost at least $2.1 billion and likely much more. That number has not... Read More

News From The Well
scroll top