The National Nuclear Security Administration has developed risk management practices and policies, but its efforts to counter cybersecurity threats in its nuclear weapons IT and operational technology environments are still in the early stages, according to the Government Accountability Office.
GAO said in a report published Monday that NNSA’s initiatives to develop an inventory of OT systems and reduce risks to such platforms are limited in scope.
When it comes to the information technology environment for its nuclear weapons, NNSA has not yet completed its attempts to create an inventory for such IT systems and mitigate cyber vulnerabilities to such platforms.
“NNSA officials said that they have conducted preliminary reviews and determined that current nuclear weapons generally contain little IT that is at risk due to their age and reliance on older technology,” the GAO report reads.
The congressional watchdog said newer nuclear weapons programs are set to enter the stockpile by the end of the decade and may integrate more IT systems.
“NNSA officials said that each program is still considering approaches to managing cybersecurity risks as part of the weapon design and development process,” the report states.