"GAO Finds OT and IT Cybersecurity Gaps at Nuclear Security Agency"

According to a new Government Accountability Office (GAO) study, the National Nuclear Security Administration (NNSA) and its contractors have not fully implemented foundational cybersecurity risk practices in their traditional IT environment. Current US nuclear weapons were developed during the Cold War, when computer capabilities were in their infancy and cyber vulnerabilities were not taken into account. The weapons currently in the US' nuclear stockpile contain very little digital technology. However, the NNSA will continue to maintain and modernize the stockpile over the next two decades. In doing so, the NNSA intends to increasingly integrate digital systems into nuclear weapons, automate manufacturing processes and equipment, and rely on advanced computer processing capabilities to assess and predict the performance of the weapons. Malicious actors can hack, corrupt, or subvert digital systems like these. They can also be affected by equipment failures, software coding errors, or employee errors. Federal laws and policies have suggested key practices for setting up a cybersecurity management program, including identifying and assigning cybersecurity roles and responsibilities for risk management, designating controls that are available for information systems or programs to inherit, and more. The GAO discovered that the NNSA and its contractors had not completely implemented these risk management practices in their traditional IT, Operational Technology (OT), and nuclear weapons IT environments. This article continues to discuss key findings, points, and suggestions in GAO's report on nuclear weapons cybersecurity. 

HSToday reports "GAO Finds OT and IT Cybersecurity Gaps at Nuclear Security Agency"