DOD may be underestimating risk in major IT systems, GAO report finds

Written by Jackson Barnett

The Department of Defense could be taking an overly optimistic approach to assessing cyber risk on several of its IT programs, according to the Government Accountability Office.

In a report published on Wednesday, the oversight agency said that, in the major business IT programs it audited, it had found at least 10 instances where independent assessments conducted by the DOD underestimated the level of cybersecurity risk.

The office has recommended that the DOD review how it conducts risk assessments across its IT system and warned that, until it does so, the department’s oversight of programs could prove over-optimistic.

IT programs that the GAO says should be classified as having elevated risk levels include the DOD’s defense travel system, enterprise accounting and management system, logistics chain management systems, and the Marine Corps’ global combat support system.

GAO’s review also found challenges in DOD’s implementation of agile software practices. Among the concerns raised by the report were the inability of the department to…
