The Government Accountability Office (GAO) said in a new report that it has 11 open cybersecurity-related recommendations to the Defense Department (DoD), among a total of 1,106 outstanding open recommendations to the agency. GAO said that 48 of the total number of open recommendations are included in sensitive reports.
The 11 cybersecurity-related recommendations include ones related to cybersecurity guidance, coordination, work roles, and cyber hygiene, GAO said.
“According to DOD’s Principal Cyber Advisor, cybersecurity experts estimate 90 percent of cyberattacks could be defeated by implementing basic cyber hygiene practices,” GAO wrote. “However, in our April 2020 report, we found that DOD had not fully implemented three of its key initiatives and practices aimed at improving cyber hygiene – including the 2015 DOD Cybersecurity Culture and Compliance Initiative, the 2015 DOD Cyber Discipline Implementation Plan, and DOD’s Cyber Awareness Challenge training.”
GAO covered some of the same ground on DoD cybersecurity recommendations in a report issued last month.
Among those recommendations are: one recommendation on updating guidance to clarify roles and responsibilities of relevant entities and officials to support civil authorities in a cyber incident; four recommendations related to developing plans to comprehensively assess and identify specific Cyber Mission Force training requirements; and five recommendations for the Secretary of Defense to improve cyber hygiene.
DoD fully concurred with six of the recommendations, partially agreed to three, and did not concur with two of them. The two it did not concur with were recommendations to the Secretary of Defense: ensuring that the agency identifies a DoD component to oversee Cybersecurity Discipline Implementation Plan tasks, and directing a component to monitor which practices are implemented to protect DoD networks from key cyberattack techniques.