The U.S. Department of Defense (DOD) continues to grapple with critical cybersecurity issues in its information technology (IT) business programs, despite longstanding recommendations from the Government Accountability Office (GAO). Two years ago, the GAO urged the DOD to develop and implement comprehensive cybersecurity strategies for each program. However, recent reports reveal that many major IT programs within the DOD still lack approved cybersecurity strategies.
The GAO’s latest annual assessment highlights ongoing gaps in the Pentagon’s IT systems, including ineffective progress tracking in software development and insufficient customer satisfaction metrics. Program officials face significant challenges, such as leadership turnover, unclear requirements, and limited resources, which impede efforts to enhance cybersecurity and software development processes.
Despite the DOD’s revised approach for addressing these high-risk areas, progress has been slow. As of March, the department had not implemented 22 GAO recommendations and continues to struggle with meeting required performance metrics for critical IT investments. These issues affect several key programs, including those used by the U.S. Navy, Marine Corps, and other branches.
The GAO’s assessment underscores the need for continued vigilance and improvement in the DOD’s IT systems. With an estimated $9.1 billion planned investment in IT business programs through 2024, the department must address these cybersecurity gaps to ensure the effective protection of its systems and data. The Office of the CIO has acknowledged these challenges and aims to improve reporting and compliance in future submissions.
