Saturday, June 17, 2023

GAO Reports – Week of 6-10-23 – Nuclear Weapon Cybersecurity

This week, the Government Accountability Office (GAO) published a report on “Nuclear Weapons Cybersecurity: Status of NNSA's Inventory and Risk Assessment Efforts for Certain Systems”. The report provides an overview of actions the National Nuclear Security Administration (NNSA) has taken in response to recommendations made in an earlier GAO report (GAO-22-104195).

While NNSA and GAO have an odd definition of the term ‘nuclear weapons IT’ (it includes the ‘weapon control unit inside the B61-12 gravity bomb’, for instance), the definition of operational technology is only lightly focused on manufacturing-related technology. “NNSA uses operational technologies (OT) in the processes, equipment, materials, and products employed in the production of nuclear weapons. Examples of OT systems include building safety systems (e.g., fire suppression systems) or an additive manufacturing system used to print polymer components.” (pg 1)

To give one an idea of where NNSA is in its cybersecurity voyage, the report notes that (pg 3):

“NNSA’s efforts to address cybersecurity at the system level in the OT environment remain in the early stages of development and implementation. In our September 2022 report, we noted that NNSA has made limited progress—after several years of effort—to implement risk management practices that would help it inventory OT systems and assess and mitigate the risks to such systems. NNSA has estimated that there could be hundreds of thousands of OT systems at sites across the nuclear security enterprise.”

 

There are no new cybersecurity recommendations made in this report.
