WASHINGTON, (BM) – The contracts concluded by the Pentagon do not take into account cybersecurity requirements, which pose a threat to the state and may have a direct impact on missions conducted by the US armed forces, assessed the US Government Accountability Office, learned BulgarianMilitary.com citing CyberDefence24.
- Arabs are calling for artificial intelligence in the army
- U.S. is giving billions to the ITs for military intelligence
- Japan invests $150M in a new plane to ‘burn’ enemy electronics
The problem concerns mainly weapon systems, which are crucial for the coordination of actions on the battlefield and the effectiveness of military operations. “If you do not include the cybersecurity requirements in the contract, you cannot expect the contractor to meet them,” warns the director of the Office.
The US Government Accountability Office (GAO) is the entity that regularly provides the Congress, heads of intelligence agencies and the public with up-to-date, unbiased, and factual information. This information uses to improve the government sector’s work and save billions of dollars in taxpayers’ pockets.
Nowadays, the United States Department of Defense focuses more and more on modern weapon systems to give the American armed forces an advantage on the battlefield. However, these advanced, complex, and expensive weapons systems are vulnerable to cyber-attacks. The Pentagon has only recently begun to attach great importance to cybersecurity, which has become a government priority over time.
What GAO says?
William Russell, director of GAO, explained that the term “weapon systems” should be understood as infrastructure designed to create a network between, e.g., autonomous or semi-autonomous devices. For example – a network between drones and traditional combat vehicles, including tanks. “Their systems connect on a single network, and they work together, which has many benefits. On the other hand, it generates many vulnerabilities that need to be protected from,” also he said.
As pointed out by the GAO director, the armed forces’ most critical issue is that all systems work efficiently on the battlefield. Therefore, the Pentagon’s task must be to ensure the highest level of cyber-resilience, i.e., to strive for a situation in which the military can continue to carry out a mission, despite a cyberattack on its infrastructure.
“US opponents invest a lot of energy and time in developing their offensive cyber abilities to be able to successfully attack US networks and other infrastructure to reduce US military advantage,” Russell said.
There are gaps in contracts with suppliers
In its latest assessment, the GAO found that the US Department of Defense is committed to making weapons systems cyber-resistant, so some steps have been taken that measurably increase US military forces’ cybersecurity.
In this context, it was indicated, among other things, to organize more tests and simulations of activities in cyberspace and facilitate access to specialist knowledge. “It is important that the Pentagon continues its efforts to improve the cybersecurity of weapons systems,” emphasizes GAO.
“Three of the five contracts did not contain any cybersecurity requirements at the time of award,” US Government Accountability Office said in its report.
On the other hand, the Bureau found irregularities contributing to an increase in unnecessary risk. According to GAO’s analysis, Pentagon programs do not always include cybersecurity requirements, especially contractual provisions. “Contractors are only responsible for meeting the conditions laid down in the contract,” indicates the Office. As added, GAO-reviewed contracts did not address cybersecurity issues at the time of their award. GAO added many requirements to the documents later, but they formulated vaguely, which did not alleviate the problem.
“If you don’t include cybersecurity requirements in your contract, you can’t expect the contractor to meet them,” William Russell adds.
A holistic approach to the problem is needed
The GAO said the US Department of Defense and military services had developed several policy documents and guidelines to improve weapons systems’ cybersecurity. These actions are not enough to fully ensure the protection and resilience of infrastructure. In this context, a comprehensive approach to the problem is necessary, which also applies to the inclusion of specific cybersecurity guidelines already in the contractual provisions, which will oblige the contractor to meet the demands.
The exception is the US Air Force, which – according to the Office – actually attach great importance to including cybersecurity issues in the contract. As GAO points out, contract command details the requirements required for an entity to perform certain activities.
Such an approach should not be an exception, but a normal phenomenon, especially in the military sector, which is crucial for state security. The Office clearly stated that the US armed forces’ weapons systems must operate efficiently in all circumstances and cannot be disrupted by cyber attacks.
***
Follow us everywhere and at any time. BulgarianMilitary.com has responsive design and you can open the page from any computer, mobile devices or web browsers. For more up-to-date news, follow our Google News, YouTube, Reddit, LinkedIn, Twitter and Facebook pages. Subscribe to our Newsletter and read our stories in News360App in AppStore or GooglePlay or in FeedlyApp in AppStore or GooglePlay.