Cyber defense

GAO Report: NNSA, Contractors Should Boost Cybersecurity for Nuclear Weapons

The Government Accountability Office has urged the National Nuclear Security Administration and its contractors to execute key cybersecurity practices to protect nuclear weapons and manufacturing tools they are developing.

According to a GAO report, implementing foundational cybersecurity risk management is essential because the systems are prone to cybersecurity attacks. Currently, NNSA is working with defense companies to integrate information systems into nuclear weapons, automate manufacturing equipment and use computer modeling to design weapons, Nextgoy reported.

The report noted that while six key practices were identified under federal law and policies for a cybersecurity program, NNSA and its contractors have yet to fully implement them in their operations. Such practices include identifying and assigning cybersecurity roles and responsibilities for risk management, establishing and maintaining a cybersecurity risk management strategy for the organization, and documenting and implementing policies and plans for the cybersecurity program.

GAO also raised concerns about the companies teaming up with subcontractors. The report states that the cybersecurity of subcontractors should be assessed by the main contractors in accordance with the NNSA cybersecurity directive. However, GAO found that three out of seven contractors believe they are not required to perform evaluations under their contracts.

The government watchdog encouraged NNSA to fully implement a continuous cybersecurity monitoring strategy, delegate risk management roles and responsibilities and enhance oversight and monitoring of subcontractor cybersecurity, among other recommendations.