Defense Department employees have procured thousands of printers, cameras and computers that carry known cybersecurity risks, and the practice may be continuing, according to an audit released Tuesday by the Pentagon’s inspector general.
More than 9,000 commercially available information technology products bought in fiscal 2018 could be used to spy on or hack U.S. military personnel and facilities, the report said. Without fixing oversight of such purchases, more risks lie ahead, potentially including perils for top-dollar weapons that use such “commercial-off-the-shelf” or COTS devices.
Read more here.
John M. Donnelly , July 30, 2019
The auditors also wrote that the Pentagon has a pattern of buying products from companies such as Huawei, ZTE or Kaspersky Lab long after other federal agencies have identified the companies as posing cybersecurity risks and right up until the point that Congress outlaws purchases from the companies.
What’s more, the report said the department’s list of approved commercial products still includes some that can pose cyber-risks, including computers made by Lenovo Group, China’s largest computer manufacturer, whose products contain cyberespionage hardware and software, according to U.S. authorities.