The Pentagon needs to do more to ensure its protocols for identifying and thwarting cyberattacks are as effective as possible, according to the Government Accountability Office (GAO).
In a Nov. 14 report, GAO noted that hackers have hit the Pentagon’s cyber infrastructure with attacks some 12,000 times since 2016. The report noted that DoD has responded by implementing two processes for managing such incidents – one for all such attacks, and another for those deemed “critical.”
The efforts are falling short, GAO stated. Internal reports are often incomplete and not often directed to the proper internal organizations. The agency recommended that DoD assign such responsibility for ensuring proper reporting of such incidents to a specific organization.
“Until DoD assigns such responsibility, [the department] does not have assurance that its leadership has an accurate picture of the department’s cybersecurity posture.”
Moreover, Pentagon leadership has to decide which cybersecurity incidents should be shared with the nation’s defense industrial base and other “relevant stakeholders,” the report stated.
“Until DoD examines whether this information should be shared with all relevant parties, there could be lost opportunities to identify system threats and improve system weaknesses,” GAO stated.