The Pentagon can’t keep tracks of its software, according to an inspector general report released Tuesday, with officials urging the department’s chief information officer (CIO) to implement new inventory management practices needed to prevent cyber risks.
DoD’s inspector general said the issues require new regulations across the services to maintain accurate inventories of software and avoid buying duplicate products.
Tuesday’s report focused specifically on the Air Force, Marine Corps and Navy, but did not include the Army, which had its software inventory practices recently reviewed by its own audit agency.
“The Marine Corps, the Navy, and the Air Force commands and divisions we reviewed did not consistently rationalize their software applications,” the inspector general’s office wrote in its report. “Furthermore, none of the commands or divisions we reviewed maintained accurate software inventories to facilitate that process.”
The report said DoD CIO Dana Deasy has yet to implement new software rationalization practices required by the Federal Information Technology Acquisition Reform Act, instead focusing efforts on data center consolidation.
“This occurred because the DoD Chief Information Officer did not implement an enterprise-wide solution for software application rationalization in response to Federal Information Technology Acquisition Reform Act requirements and, instead, limited rationalization to data center consolidation efforts,” officials wrote in the report. “The DoD and its components are exposing the DoD Information Network to unnecessary cyber security risks because they lack visibility over software application inventories and, therefore, are unable to identify the extent of existing vulnerabilities associated with their owned software applications.”
The inspector general is recommending Deasy develop an enterprise-wide process for software application rationalization, establish guidance for the service components to process their software and call for the CIO office to conduct periodic reviews to ensure validation and accuracy of inventories.
Deasy has not provided a response to the recommendations included in the report, according to the inspector general’s office, which has requested the CIO’s comments by Jan. 11.
“DoD CIO in coordination with the DoD CMO have been working together to develop a comprehensive business application and software rationalization effort,” Heather Babb, a Pentagon spokesperson, told Defense Daily.