The Department of Defense’s (DOD) office of inspector general (OIG) conducted an audit of cybersecurity requirements for five weapon systems during the operations and support (O&S) phase of DOD’s acquisition lifecycle and found that program officials for those systems complied with the Risk Management Framework and secured an authorization to operate.
Program officials also initiated measures to update those cyber requirements during the O&S phase based on known cyber vulnerabilities and security threats obtained from intelligence agencies, according to OIG’s report released Wednesday.
The five weapon systems assessed in the report were the Advanced Threat Infrared Countermeasures/Common Missile Warning System; Multifunctional Information Distribution System Joint Tactical Radio System; Advanced Anti-Radiation Guided Missile; B-2 Spirit Bomber; and AC-130J Precision Strike Package.
The officials followed best practices to help reduce the risk of cyber threats to DOD’s weapon systems. These included conducting cyber tabletop exercises, participating in intelligence-based working groups and performing cyber threat and risk assessments.
“Program officials for all weapon systems should consider the best practices described in this report when developing plans and procedures for reducing cybersecurity risks within their programs,” the report states.