Organizations within the National Nuclear Security Administration bureaucracy are reviewing a draft cybersecurity directive the agency wrote after a third-party review, the weapons steward told the Government Accountability Office last week.
The semiautonomous Department of Energy weapons agency planned to issue a final supplemental directive, titled Baseline Cybersecurity Program, by April 30, according to the agency’s response to recent Government Accountability Office (GAO) findings, published Thursday.
The National Nuclear Security Administration (NNSA) wrote a draft directive after the Institute for Defense Analysis reviewed the agency’s compliance with federal cybersecurity requirements, according to the GAO report, “Nuclear Weapons Cybersecurity: NNSA Should Fully Implement Foundational Cybersecurity Risk Management Practices.”
In 2020, the NNSA’s business operations database was breached by hackers who exploited a weakness in software provided by the company SolarWinds. The hack also hit other Department of Energy networks. News of the hack broke a few days before Congress passed the fiscal year 2020 National Defense Authorization Act, as part of which lawmakers ordered the GAO investigation that led to Thursday’s report and recommendations.
