Defense
Vague contract language hampers cybersecurity for weapons systems, GAO says
The cybersecurity of the Defense Department’s weapons systems may hinge on clear contract requirements, according to a recent report.
The Government Accountability Office found that missing or vague cybersecurity requirements in acquisitions contracts for weapons systems often led to DOD getting a system that didn’t meet its security needs, according to a report released on March 4.
“The government is less likely to get what it wants if it omits all or part of its cybersecurity requirements,” W. William Russell, GAO director for contracting and national security acquisitions, wrote in the report.
GAO evaluated five programs across the Army, Air Force, Navy and Marine Corps and found that three of the five programs reviewed didn’t have cybersecurity requirements in their contracts when awarded, but modified after the fact to include them.
Additionally, those late additions were inconsistent or with vague references for a system to be “cyber resilient” or comply…