DoD Inspector General Looks at Department’s Commercial IT Product Security

Jeff Brody

The Department of Defense's Office of the Inspector General conducted an audit to verify whether DoD assesses cybersecurity risks in commercial off-the-shelf information technology products.

The audit found that DoD uses COTS IT products with commonly known cyber vulnerabilities due to a lack of associated policy, strategy and product standards, DoD IG said in a report publicly released Tuesday.

The study looked at procurements made with government purchase cards (GPCs) and found that the U.S. Army and U.S. Air Force made a combined $32.8M in IT product purchases with GPCs in fiscal 2018.

These purchases include Lenovo computers and GoPro cameras that carry cybersecurity risks.

DoD IG recommends that the secretary of defense order the development of a risk-based evaluation approach for COTS items, an associated testing procedure and a process to prevent purchases of high-risk products.

The office also urges the undersecretary of defense for acquisition and sustainment to implement policy that requires organizations to assess cyber risks in COTS products. The recommendation also calls for the establishment of requirements for cybersecurity risk training.
