武器系统网络安全:国防部借助指南来更好地与承包商沟通项目要求(译文)

Weapon System Cybersecurity Guidance Would Help DOD Programs Better Communicate Requirements to Contractors

美国防部武器系统的网络安全问题一直以来是美军关注的重点。美国政府问责署(GAO)近期审查发现,与过去的国防部采购项目相比,目前的采购项目在开发过程中进行了或计划进行更多的网络安全测试。然而,GAO发现,多个采办项目合同中未明确网络安全要求,也未制定采用或拒绝以及验证的标准。国防部和各军种已经制定了一系列政策和指南来改善武器系统的网络安全,但这类指导文件通常没有具体说明如何在合同中明确网络安全要求、验收标准和验证过程。GAO审查发现,只有空军发布了内部指南,详细说明了采办项目应如何定义网络安全要求,并将这些要求纳入合同。报告建议陆军、海军和海军陆战队就如何将网络安全要求纳入项目合同提供指导。

The cybersecurity of DoD weapon systems has long been a key concern of the U.S.military.The US Government Accountability Office(GAO)found that compared with previous defense procurement projects,current procurement projects have been developed or planned more network security tests.However,GAO found that there are no clear network security requirements in multiple procurement projects,and they did not adopt or reject or verify the standards.DoD and the services have developed a series of policies and guidelines to improve the cybersecurity of weapon systems,but such guidelines usually do not specify how to clarify cybersecurity requirements,acceptance standards and validation procedures in the contract.GAO also found that only the Air Force issued an internal guide detailing how the procurement project should define cybersecurity requirements and incorporate these requirements into the contract.The report recommends that the U.S.Army and Navy should provide guidance on how to integrate cybersecurity requirements into project contracts.