Oversight Of Nuclear-Weapons Contractors’ Cyber Practices Has Been ‘Inconsistent’: GAO – Defense One

The agency responsible for safeguarding the nation’s nuclear weapons didn’t fully implement key practices that manage cybersecurity risks on its computer systems, including some used for weapons design, according to a recent report. And neither did its contractors.

The National Nuclear Security Administration and its contractors did not fully implement six foundational cybersecurity risk practices in its IT environments, according to a Government Accountability Office report released on Thursday. That includes regular and operational computer systems for manufacturing equipment, building control, and others that are “in contact with” nuclear weapons.

The NNSA fully implemented four of six cybersecurity risk management practices based on guidance from the Office of Management and Budget, National Institute of Standards and Technology, and Committee on National Security Systems, the GAO found. And it partially implemented two others—creating and maintaining an organization-wide continuous monitoring strategy and documenting cybersecurity program policies and plans.

NNSA contractors are required to oversee their subcontractors’ cybersecurity measures, but the efforts to do so have been “mixed,” according to the report, with three of the seven contractors denying that doing so was a contractual obligation.

“These oversight gaps, at both the contractor and NNSA level, leave NNSA with little assurance that sensitive information held by subcontractors is effectively protected,” the GAO reported.

The agency upheld four foundational cybersecurity practices, including assigning risk management roles and responsibilities, maintaining an organization-wide cybersecurity risk management strategy, keeping up with cybersecurity risks, and designating controls for information systems.

The GAO also found that the NNSA didn’t have proper oversight of its contractors’ cybersecurity practices. Two of the seven contractors the GAO evaluated minimally implemented continuous monitoring strategies, with another …….

Source: https://www.defenseone.com/threats/2022/09/oversight-nuclear-weapons-contractors-cyber-practices-has-been-inconsistent-gao/377711/