Despite the Department of Defense (DoD) placing a renewed emphasis on addressing recommendations made to the agency by the Government Accountability Office (GAO), a recent report from the Federal watchdog reveals that DoD’s implementation rate on recommendations continues to fall short of the government-wide average.
As of November 2023, the government-wide average for implementing recommendations made four years ago was 75 percent, while DoD’s implementation rate stood at 69 percent. As of June 2024, DoD faced 1,447 open GAO recommendations – with several targeting the department’s cybersecurity posture, technological investments, and operational readiness.
Since GAO’s June 2023 report to the DoD, the department has implemented 19 of 89 recommendations tagged as priority, spanning 2011 to 2021. The Federal watchdog included an additional 22 priority recommendations in this report, bringing the total number of priority recommendations to 90.
Here are some of the cybersecurity and technology related recommendations in GAO’s Open Recommendation report.
GAO Flags Critical Cybersecurity and Information Environment Priorities
GAO put forth ten critical recommendations aimed to bolster the DoD’s defenses against increasing global cyber threats. These recommendations aim to elevate cybersecurity standards within weapon systems, enhance cyber hygiene protocols, strengthen personnel vetting procedures, and fortify privacy programs.
For example, one recommendation advises DoD to monitor the effectiveness of network protection practices against prevalent cyberattack techniques, aiming to identify and rectify potential vulnerabilities.
GAO said DoD had not implemented this recommendation as of April 2024.
“To fully implement this recommendation, DoD should identify a DoD component to oversee the seven tasks in the Cybersecurity Discipline Implementation Plan that are not overseen by the [Chief Information Officer] and report on their progress,” the report reads.
Another key recommendation urges DoD to revise the development schedule for the National Background Investigation Services (NBIS) system to align with industry best practices, ensuring a more reliable timeline and facilitating strategic decision-making in government-wide personnel vetting reforms.
“Implementing this recommendation could give DoD and Congress greater confidence in the system’s schedule and provide better information to stakeholders and Congress on progress in reforming the government-wide personnel vetting process,” the report reads.
Just last month, GAO said that DoD’s Defense Counterintelligence and Security Agency (DCSA) – which is responsible for conducting background investigations for most Federal agencies – needs to put in place improved cybersecurity oversight processes to mitigate security risks posed by its outdated and developing IT systems. DCSA, the report says, is using a mix of legacy IT systems formerly owned by the Office of Personnel Management (OPM) along with newer but still-in-development DoD NBIS systems.
GAO Urges DoD to Enhance Weapon Acquisition Programs with Science and Tech
GAO made 13 recommendations related to acquisitions and contract management at DoD. Nine of the 13 focus on enhancing the DoD management of its most expensive weapon acquisition programs, which are set to exceed $2 trillion in investment.
According to GAO, despite these significant investments, DoD faces challenges in rapidly delivering cutting-edge technologies to gain an edge over adversaries.
To address this issue, the Federal watchdog suggested implementing measures, such as defining a science and technology management framework. This framework would “emphasize leveraging existing flexibilities to swiftly initiate and terminate projects, aligning with the pace of innovation,” the report reads.
DoD Should Speed Comments, GAO Says
In recent audits, GAO found DoD consistently missed deadlines, submitting approximately half of agency comments and nearly 70 percent of sensitivity reviews late during the reporting periods.
GAO continues to audit DoD’s timeliness in reviewing draft reports, as mandated by the National Defense Authorization Act for Fiscal Year 2023, which requires GAO to report every six months on DoD’s adherence to deadlines for submitting comments and sensitivity/security reviews.
These delays impact GAO’s ability to provide timely reports for congressional oversight, the watchdog agency said.
