Updating DoD Financial Systems Would Improve Cybersecurity, IG Says

In a follow-up to the Department of Defense’s (DoD) Fiscal Year 2019 audit, the Office of the Inspector General (IG) explained in a Jan. 28 report how critical financial management improvements could boost cybersecurity at the agency.

“The audit—and more accurate financial statements—enables Congress and the public to obtain a more accurate assessment of how the DoD spends its money; helps the DoD fix vulnerabilities in information technology systems; helps identify and prevent wasteful practices; and also assists the DoD in improving its operations,” Glenn Fine, principal deputy IG, explained in the new report.

IG explained that many of DoD’s financial management systems are also used for operational IT purposes. Effective internal controls and proper cybersecurity protocols are a necessary part of the agency’s financial management system because compromised financial systems undermine DoD operations. As of the FY2019 audit, most DoD systems have material IT weaknesses including inadequate access and security management controls.

“DoD must defend its own networks, systems, and information from cyberattacks. Improving internal controls over IT systems that process financial information can help the DoD both protect against and rapidly respond to cyber threats across different networks and systems,” IG states in the report.

For example, DoD should have processes in place to isolate a user’s account in the wake of an IT vulnerability in its financial management system, the IG suggested. A thorough review of IT systems would help ensure that a known vulnerability does not exist throughout other DoD departments.

IT, specifically ensuring that access to financial systems is limited to only individuals who need it for specific purposes, is still a priority for DoD’s acting secretary of defense, according to the report.