During development on the Army side, typically its The Director, Operational Test & Evaluation (DOT&E) that handles requirements such as information assurance / cyber security for weapon systems. They even go so far as to ensure the Threat Systems Management Office (TSMO) Red Team gets involved while the system is still in development. However, after the development portion is complete and the system is in production, it becomes harder to update / patch due to those actions taking additional funding that wasn't allotted during the acquisition phases (e.g., paying a software engineer to develop those patches or make those configuration changes).
Fortunately, thanks to Section 1647 of the 2016 National Defense Authorization Act titled "Evaluation Of Cyber Vulnerabilities Of Major Weapon Systems Of The Department Of Defense", Congress has allocated $200mil for the Program Managers to get their cyber security vulnerabilities fixed. DOT&E has been working to accomplish this task, but there are a lot of Army weapons systems that need to be assessed.
Posted on 04/27/2017 at 09:09 PM