DOD watchdog lists top 10 challenges for 2017

The Pentagon Inspector General's office has released its Fiscal Year 2017 Oversight Plan that focuses on 10 performance and management challenges facing the DOD, including cyber.

Shutterstock image (by alienant): An aerial view of the pentagon rendered as a vector.
 

The Department of Defense Office of Inspector General has released its 2017 Oversight Plan that outlines 10 areas of focus, including cyber.

"Increasing Cyber Security and Cyber Capabilities" is one of the DOD's performance and management challenges the watchdog will audit in 2017, along with other areas such as acquisition, countering the terrorist threat and force readiness.

"The DOD OIG identified these challenges based on our oversight work, research, and judgment; oversight work done by other components within the DOD; input from DOD leaders; and oversight projects by the Government Accountability Office," the report states. "While we solicited input from the DOD, we identified these challenges independently."

"The DOD continues to face significant challenges in protecting and securing its networks, systems, and infrastructure from cyber threats and in increasing its overall cyber capabilities," according to OIG, despite some strategic progress from Cyber Command.

The report reiterates what top Pentagon officials have been saying throughout 2016:  cyber threats to the DOD continue to increase, and nation states such as Russia, China, Iran and North Korea are investing heavily in "sophisticated campaigns to penetrate and compromise DOD's networks."

Last week, the DOD OIG released a summary report of 21 audits conducted between Aug. 1, 2015, and Jul. 31, 2016. That report made 61 specific recommendations the DOD needs to take to improve cybersecurity. Those recommendations were added to 138 outstanding items from previous audits.

The coming year will bring more than 12 tech-related audits covering the defense of DOD networks, developing cyber capabilities and infrastructure, cyber offensive and defensive operations, and building and retaining the cyber workforce.

The audits will drill down on specific topics such as implementation of the Joint Information Environment, physical access controls, security controls over contractor systems, insider threat programs and cyber threat indicator sharing.

The Oversight Plan states that DOD continues to face challenges "in developing or acquiring unique cyber capabilities to conduct defensive and offensive operations."

The report also says that DOD does not have "an effective cloud computing implementation strategy or process to collect data and measure the effectiveness and efficiency of the DOD cloud initiative."

The DOD did not have any comment on the OIG Oversight Plan.