GAO: DoD Must Execute Cyber Vulnerability Assessments to Prevent Program Delays, Cost Increases

1 min read
Enterprise-Wide Implementation

A new Government Accountability Office (GAO) report has found that conducting cybersecurity vulnerability assessments could help the Department of Defense (DoD) address issues in program costs and schedule delays.

GAO’s assessment states that 11 out of 15 major DoD information technology programs decreased cost estimates by up to 33.8 percent while 10 of those programs saw delays of up to five years, the watchdog said Wednesday.

According to the report, the eight programs that implemented cyber vulnerability reviews or systematic assessments of IT systems and products experienced less cost increases and program delays compared to the programs that failed to conduct such assessments.

Program officials have said that development challenges and testing delays impacted costs while challenges in cyber operations and performance resulted in schedule delays, GAO noted.

Ten of the 15 programs reportedly used commercial off-the-shelf software to quicken the pace of delivery, and 14 projects used iterative software development approaches.

However, GAO said that the IT programs also used a ”waterfall” approach to software development that could result in cost risks due to its “linear and sequential phases of development that may be implemented over a longer period of time.”

As part of the study, GAO selected the DoD’s major IT programs that established acquisition program baselines but have not fully deployed them by Dec. 31st, 2019.

ExecutiveGov Logo

Sign Up Now! Executive Gov provides you with Free Daily Updates and News Briefings about Government Technology

The Ultimate Guide to Winning Government Contracts Let us show you how top executives are winning so you can replicate it