The Government Accountability Office has identified deficiencies in the Defense Counterintelligence and Security Agency’s oversight of classified information security across the defense industry.
U.S. adversaries are targeting government data. Find out how the Department of War, the FBI, the Department of Education and other agencies are addressing increasing threats at the Potomac Officers Club’s 2026 Cyber Summit on May 21. Leaders from across government and industry will be present to deliver keynote addresses, participate in panel discussions and forge new partnerships during networking sessions. Sign up here.
Table of Contents
What Types of Security Violations Did GAO Find?
In a report published Friday, the congressional watchdog revealed that DCSA documented 815 violations and over 1,000 open vulnerabilities across contractor facilities based on more than 4,600 security reviews conducted in fiscal year 2025.
Nearly 60 percent of the violations were categorized as “data spills,” which means classified information appeared on an unclassified system. Meanwhile, 11.5 percent of the violations identified in the report involved improper storage of classified information.
Other violations include access breaches or unauthorized disclosures, physical losses and improper physical transfers.
In addition, DCSA reported 1,032 open vulnerabilities as of September 2025, reflecting weaknesses in contractor security programs that could be exploited to gain unauthorized access to classified information.
What Issues Did GAO Identify in DCSA’s Industrial Data Security Oversight?
DCSA has taken steps to manage risk but has not fully aligned its efforts with DOW guidance, GAO said. For example, the agency does not use advanced analytic tools to help field operators assess regional risks and identify broader trends affecting mission performance.
The report also flagged shortcomings in the National Access Elsewhere Security Oversight Center, or NAESOC, an initiative launched in 2019 to reduce workload and mitigate risk. Focus group participants interviewed for the report shared that the center suffers from staffing shortages, limited risk mitigation and industry dissatisfaction. GAO noted that DCSA has not conducted a comprehensive assessment of the initiative’s performance or resource needs.
In addition, DCSA faces challenges with its current data system and has not consistently engaged end users during the development of a replacement platform. By not involving regional and military department officials in the development of its new industrial security data system of record, DCSA risks deploying a platform that resolves existing limitations.
GAO made four recommendations to address these issues:
- Develop enhanced analytic tools to improve regional risk assessments
- Implement a risk response plan to address workforce shortages
- Conduct a comprehensive evaluation of the NAESOC initiative
- Ensure continuous stakeholder engagement throughout the development of the new system
DOW concurred with all the recommendations.
Related Articles
The Defense Information Systems Agency has appointed Sharon McMillon, a senior IT and cybersecurity leader, as vice director for programs within the DISA J-6 Command, Control, Communications and Computers Enterprise Directorate. Several Department of War officials will speak at the 2026 Cyber Summit, where discussions will cover zero trust, artificial intelligence in cyber defense and post-quantum cryptography, as well as efforts to secure innovations for defense missions. The May 21 event will bring together government and industry leaders to address evolving cyber priorities and emerging threats. Save your seat now! In a LinkedIn post published Monday, DISA said McMillon, a
The General Services Administration has named Greg Hogan as director of Login.gov, succeeding Hanna Kim, who left the post after two years, NextGov/FCW reported Monday. What Will Greg Hogan Do in His New Role? Hogan will oversee a platform that supports identity verification across federal services, including processes that rely on facial recognition. He will work with two-time Wash100 Award winner Greg Barbaccia, the GSA chief information officer and acting director of the Technology Transformation Services. “[Hogan] will be focused on expanding the number of people and agencies successfully using Login.gov, enhancing the user experience, and improving the cost-effectiveness while continuing to meet the
Anthropic has unveiled Project Glasswing, a major cybersecurity initiative aimed at protecting critical global infrastructure, alongside a preview of its frontier AI model, Claude Mythos. The announcement signals a turning point in how artificial intelligence is reshaping cyber defense across government and industry. For government contractors operating in national security, defense and critical infrastructure sectors, the implications are immediate and far-reaching. To stay ahead of these rapidly evolving cybersecurity challenges, industry and government leaders will convene at the 2026 Cyber Summit on May 21, where experts will evaluate the impact of frontier AI models like Anthropic’s Claude Mythos and initiatives such as Project