DLA critiqued for IT security failings

The Defense Department's inspector general has issued a report critical of the Defense Logistics Agency for shortcomings in implementing IT security controls.

The report, titled 'Review of the Information Security Operational Controls of the Defense Logistics Agency's Business Systems Modernization-Energy,' was released April 24 and follows an October 2005 Government Accountability Office report that reached many of the same conclusions.

The BSM-E (FAS) is a multifunctional, automated information system that provides a wealth of information'such as sale data collection, inventory control, finance and accounting, procurement, and facilities management'on the military's supply, use and purchase of fuels.

The audit found that the agency's chief information officer:
  • had not ensured that Business Systems Modernization-Energy (Fuels Automated System) was fully certified and accredited;
  • did not address all system security weaknesses in the plans of action and milestones;
  • did not make sure that adequate user access controls were in place, such as procedures to grant access to new users or close the accounts of individuals who left DLA;
  • failed to consistently provide users with annual security awareness training; and
  • did not complete and test systemwide continuity of operations plans.

'This occurred because DLA did not adequately assign information assurance ' responsibilities and have an effective management control program for IA,' the IG's report stated. 'As a result, BSM-E (FAS) operated with vulnerabilities that present potential risks to the DLA and the DOD.'

The CIO's office at DLA 'nonconcurred' with 12 of 16 recommendations, the IG report stated, and was nonresponsive to 14 recommendations and only partially responsive to another two.

The DLA response 'contained inaccurate dates and incorrect citations of DOD policy,' the report concluded. The DLA 'is required to develop a plan of action and milestones for all programs and systems where an information security weakness has been identified.'

The report suggested that the CIO 'reconsider her position' and provide more information by May 24.

Featured

  • Pierce County

    CARES dashboard ensures county spending delivers results

    The CARES Act Funding Outcomes Dashboard helps Pierce County, Wash., monitor funding and key performance indicators for public health emergency response, economic stabilization and recovery, community response and resilience, and essential government services.

  • smart city challenge

    AI-based traffic management improves mobility, saves fuel, cuts pollution

    Researchers are developing a dynamic feedback traffic signal control system that reduces corridor-level fuel consumption by 20% while maintaining a safe and efficient transportation environment.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.