Weapon Systems Cybersecurity: Guidance Would Help DOD Programs Better Communicate Requirements to Contractors, Report to Congressional Committees [open pdf - 1MB]
From the Highlights: "DOD's network of sophisticated, expensive weapon systems must work when needed, without being incapacitated by cyberattacks. However, GAO [Government Accountability Office] reported in 2018 that DOD was routinely finding cyber vulnerabilities late in its development process. A Senate report accompanying the National Defense Authorization Act for Fiscal Year 2020 included a provision for GAO to review DOD's implementation of cybersecurity for weapon systems in development. GAO's report addresses (1) the extent to which DOD has made progress in implementing cybersecurity for weapon systems during development, and (2) the extent to which DOD and the military services have developed guidance for incorporating weapon systems cybersecurity requirements into contracts. GAO reviewed DOD and service guidance and policies related to cybersecurity for weapon systems in development, interviewed DOD and program officials, and reviewed supporting documentation for five acquisition programs. GAO also interviewed defense contractors about their experiences with weapon systems cybersecurity."
Government Accountability Office: https://www.gao.gov/