WASHINGTON: Five years after the Pentagon demanded every weapon system include the requirement that it be able to fight through Russian and Chinese cyber attacks expected on future battlefields, DoD “does not often include cybersecurity” in key performance parameters (KPP) for major programs, says GAO in its annual defense acquisition review.
Of the three services, the Air Force is the worst at fulfilling two of the three best cybersecurity practices, the report says. The congressional watchdog found “inconsistent implementation of leading software practices and cybersecurity measures” among high-dollar “major defense acquisition programs” (MDAPs) — 85 programs worth $1.80 trillion at the end of 2019.
“This included longer-than-expected delivery times for software and delays completing cybersecurity assessments— outcomes disruptive to DOD’s efforts to keep pace with warfighters’ needs for enhanced, software-dependent capabilities and protect weapon systems from increasingly sophisticated cybersecurity threats,” GAO said in the June 3 report.
Cybersecurity KPPs Left Out
The GAO report explains that KPP “are considered the most critical requirements…