Defense Department employees have procured thousands of printers, cameras and computers that carry known cybersecurity risks, and the practice may be continuing, according to an audit released Tuesday by the Pentagon’s inspector general.
More than 9,000 commercially available information technology products bought in fiscal 2018 could be used to spy on or hack U.S. military personnel and facilities, the report said. Without fixing oversight of such purchases, more risks lie ahead, potentially including perils for top-dollar weapons that use such “commercial-off-the-shelf” or COTS devices.
[House orders Pentagon to say if it weaponized ticks and released them]
The auditors also wrote that the Pentagon has a pattern of buying products from companies such as Huawei, ZTE or Kaspersky Lab long after other federal agencies have identified the companies as posing cybersecurity risks and right up until the point that Congress outlaws purchases from the companies.
What’s more, the report said the department’s list of approved commercial products still includes some that can pose cyber-risks, including computers made by Lenovo Group, China’s largest computer manufacturer, whose products contain cyberespionage hardware and software, according to U.S. authorities.
[Tech vanguard is dodging Pentagon]
“If the DoD continues to purchase and use COTS information technology items without identifying, assessing, and mitigating the known vulnerabilities associated with COTS information technology items, missions critical to national security could be compromised,” said the declassified and formerly secret report, which remains partially redacted.
The Pentagon did not immediately reply to a request for comment.
Known risks
The report is a window into part of a larger, wel ..
Support the originator by clicking the read the rest link below.
