By Andrea Shalal-Esa
(Reuters) – The U.S. Defense Department and General Services Administration on Wednesday mapped out six broad reforms to improve the cybersecurity of more than $500 billion in goods and services acquired by the U.S. federal government each year.
The guidelines come as the Pentagon’s chief weapons tester warned that military missions remained at “moderate to high risk” since local network operators were not always able to defend networks against determined cyberattacks.
A report released by the tester on Wednesday said scans of the networks used by weapons still showed missing software “patches” and vulnerabilities that allowed teams of government “hackers” to penetrate and exploit networks.
In their guidelines, the Pentagon and GSA underscored the importance of beefing up cybersecurity and cited escalating cyber threats from U.S. adversaries, hackers and criminals, as well as unintentional vulnerabilities and counterfeit parts.
“The federal government and its contractors, subcontractors, and suppliers at all tiers of the supply chain are under constant attack, targeted by increasingly sophisticated and well-funded adversaries to steal, compromise, alter or destroy sensitive information,” the report said.
In some cases, it said, foreign governments were targeting businesses “deep in the supply chain to gain a foothold and then ‘swim upstream’ to gain access to sensitive information and intellectual property.”