One year ago today the Department of Defense Inspector General (DoDIG) published a report to censure the military for the purchase of vulnerable Chinese computer equipment to the tune of $33 million. The report called out DoD management’s lack of accountability for cybersecurity and failure to communicate blacklisted products from Lexmark and Lenovo. It highlighted how such products from state-owned Chinese entities can potentially put Americans and America’s assets at risk when integrated into information networks. So what happened in 365 days? Nothing that’s public. What needs to happen? A cultural change.
The Audit of the DoD’s Management of the Cybersecurity Risks for Government Purchase Card Purchases of Commercial Off-the-Shelf Items describes $32.8 million in purchases of vulnerable