The traditional IT environment includes computer systems used for weapons design, but both the NNSA and its contractors have “not fully implemented a continuous monitoring strategy because their strategy documents were missing key recommended elements,” the report said.
“Without such elements, NNSA and its contractors lack a full understanding of their cybersecurity posture and are limited in their ability to effectively respond to emerging cyber threats,” the report says.
“NNSA has not yet fully implemented any foundational risk management practices in this environment, and it is still developing specific guidance for contractors,” the report says. “This is partially because NNSA has not yet determined the resources it needs to implement practices and develop guidance.”
It has also not developed “a cyber risk management strategy to address nuclear weapons IT-specific threats.”
In addition, the report says, “NNSA’s cybersecurity directive requires contractors to oversee their subcontractors’ cybersecurity measures but contractors’ efforts to provide such oversight are mixed, and three of seven contractors do not believe it is a contractual responsibility.”
“These oversight gaps, at both the contractor and NNSA level, leave NNSA with little assurance that sensitive information held by subcontractors is effectively protected.”