Of the three services, the Air Force is the worst at fulfilling two of the three best cybersecurity practices, the report says. The congressional watchdog found “inconsistent implementation of leading software practices and cybersecurity measures” among high-dollar “major defense acquisition programs” (MDAPs) — 85 programs worth $1.80 trillion at the end of 2019.
“This included longer-than-expected delivery times for software and delays completing cybersecurity assessments— outcomes disruptive to DOD’s efforts to keep pace with warfighters’ needs for enhanced, software-dependent capabilities and protect weapon systems from increasingly sophisticated cybersecurity threats,” GAO said in the June 3 report.
Cybersecurity KPPs Left Out
The GAO report explains that KPP “are considered the most critical requirements…
