Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Report: US Nuclear Security body failed to implement cybersecurity measures

October 2022 by Atlas VPN

A recent document acquired by Atlas VPN reveals that a federal watchdog chastised the US agency in charge of maintaining and modernizing the country’s nuclear arsenal for lax cybersecurity procedures that jeopardize both IT and operational technology networks.

The United States Government Accountability Office (GAO) issued an 81-page report on September 24th, 2022, outlining the National Nuclear Security Administration’s (NNSA) cybersecurity failings.

The NNSA is a separate agency within the Department of Energy (DOE) tasked with managing U.S. nuclear weapons at eight laboratory and production sites across the country.

According to the GAO, the NNSA and its contractors have not completely adopted six legally mandated cybersecurity standards, including basic risk management techniques and others.

NNSA failed to fully implement two out of six mandatory cybersecurity measures, including the development and maintenance of an organization-wide continuous monitoring strategy as well as the documentation of cybersecurity policies and plans.

NNSA contractors responsible for the management and operational activities have to adhere to the same strict standards, but they failed on multiple fronts as well. Most notably, they were unable to implement the same organization-wide monitoring strategy that NNSA struggled with.

Out of seven M&O (management and operating) contractors, four implemented the monitoring policy substantially, one partially, and two barely improved the cybersecurity measure.

Unlike NNSA, all contractors were able to document and maintain cybersecurity policies and plans according to the outlined standards.

However, four contractors assigned most, but not all, cybersecurity management roles and responsibilities. One M&O partner assigned only about half of the roles and duties.

The last area where some M&O contractors struggled was the establishment and maintenance of a cybersecurity strategy for the organization. Two partners implemented the measure substantially, while one only partially, which is around 50%.

Why GAO did this study

NNSA and its site contractors incorporate information systems into nuclear weapons, automate production equipment, and develop warheads using computer modeling.


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts