A recent internal audit of the US Navy revealed that Pacific Fleet submarines and their tenders have not received internal and external cybersecurity inspections in recent years.
The audit — conducted by the Institute for Defense Analyses and obtained by Navy Times through a Freedom of Information Act request — detailed “the specter of cyber vulnerability among some of the sea service’s most potent platforms,” exposing lapses in the cybersecurity standards of the Naval fleets.
For example, the Navy’s Fleet Cyber Command did not inspect and assess the cybersecurity of 41 SUBPAC submarines and its two sub tenders. This was a requirement from 2016 to 2018. Furthermore, the fleet command failed to submit a proper explanation as to why the units were not inspected.
Blame on Short Staffing
The audit determined short staffing as one possible reason for the lack of inspections, despite these vulnerability evaluations being required every three years.
The auditors wrote that personnel said they did “not have enough staff” to meet the three-yearly inspection for all information systems, and therefore, they “excluded Navy submarine networks.”
The report recommended several reforms and Fleet Cyber Command agreed with the recommendations, Navy Times wrote.