The Department of Defense's office of the inspector general has found in its follow-up audit that DoD components failed to mitigate cyber vulnerabilities in a consistent manner because they were not able to evaluate the impact of such vulnerabilities on their mission.
The Pentagon did not come up with a unified approach to prioritize and support the missions of the department’s cyber red teams and failed to develop processes to hold the components responsible for the mitigation of cyber issues, according to an OIG report publicly released Tuesday.
The inspector general’s office recommends that the DoD secretary designate an organization that will review reports of cyber red teams for systemic vulnerabilities, develop baseline tools that cyber red teams need to carry out missions and ensure that DoD components create and implement a risk-based process to evaluate the impact of vulnerabilities identified by cyber red teams.
The chairman of the Joint Chiefs of Staff should advance the inclusion of requirements for addressing vulnerabilities identified by cyber red teams by revising its manual 6510.02 and instruction 6510.05, according to the report.
The OIG conducted the follow-up audit to determine whether the DoD components and cyber red teams initiated measures to address problems identified in a December 2012 report.