Report: DoD Implementation of 2015 Cybersecurity Information Sharing Act ‘Inconsistent’

The Defense Department's inspector general has determined that the DoD failed to fully carry out the mandate of a 2015 statute designed to enhance the cybersecurity posture of government and private organizations.

The Cybersecurity Information Sharing Act of 2015 called on seven federal agencies, including the DoD, to develop policies that would facilitate the sharing of classified and unclassified cybersecurity threat indicators and defense measures among government as well as private entities, the DoD IG stated in a recently-released audit report.

The DoD IG observed that CISA was enacted inconsistently across the DoD, noting that “none of the four DoD Components reviewed” — namely the National Security Agency, the DoD Cyber Crime Center, the Defense Information Systems Agency and U.S. Cyber Command — “implemented all of the CISA requirements.”

The inspector general attributed this deficiency to the failure of the Defense Department’s chief information officer to promulgate an agency-wide CISA implementation and compliance directive.

The DoD IG went on to push for the formulation of such a directive since the fragmentary implementation of CISA prevents the DoD from gaining “a more complete understanding of increasing and persistent cybersecurity threats by leveraging the collective knowledge and capabilities of sharing entities.”

You may also be interested in...

Jill Hruby

Former Sandia Director Jill Hruby Confirmed as NNSA Administrator; Jennifer Granholm Quoted

The Senate approved Jill Hruby, former director of Sandia National Laboratories, by a 79-16 vote to lead the National Nuclear Security Administration (NNSA) and serve as undersecretary for nuclear security at the Department of Energy (DOE). Hruby started her career at SNL in 1983 as a technical staff member and conducted studies about thermal and fluid, solar energy and nuclear weapon systems.