Risk assessment
GAO: Pentagon Background Check Systems Vulnerable to Hacking
The Government Accountability Office has revealed in a recent report that vulnerabilities plague the Pentagon’s background check systems for federal employees.
The Defense Counterintelligence and Security Agency, responsible for vetting personnel, failed to fully implement cybersecurity measures outlined in the Department of Defense’s Risk Management Framework, Defense One reported.
Following a 2015 hack at the Office of Personnel Management, background investigations were moved to the DCSA to enhance cybersecurity. However, the new National Bureau of Investigations Services system is unfinished, leading to a reliance on outdated IT systems.
The June 20 GAO report identified several shortcomings, including a lack of comprehensive risk assessments and incomplete implementation of privacy controls. Such deficiencies leave sensitive information susceptible to unwanted disclosures and alterations, according to the agency.
The watchdog agency made 13 recommendations to improve oversight and task completion, all of which were accepted by the Pentagon except the one regarding updating risk management policies.
According to the report, the DSCA plans to phase out old systems by the end of the year.
Category: Cybersecurity