The US Marine Corps, the Navy, and the Air Force are not keeping track of their software inventories, according to a report[1] released today by the US Department of Defense Inspector General (DOD IG).
Auditors said management at many services part of these three military branches "did not consistently rationalize their software applications" leading to situations where they acquired duplicate applications, underutilized, or used obsolete software.
The only military service that had a process in place for eliminating duplicative or obsolete applications was the US Fleet Forces Command.
Marine Corps divisions and Navy commands also had a system in place to detect duplicate software before acquisitions but did not keep track of obsolete software.
But the report's general finding was that none of the commands or divisions that are part of the three military branches maintained accurate software inventories, all having gaps in the image of their own internal IT network.
DOD IG auditors raised the concern that this leads to situations where US military services are underutilizing their software systems, and are unaware of all their true capabilities.
There is also the issue with costs, with Marine, Navy, and Air Force divisions buying software that they already have, not replacing antiquated software, or paying maintenance costs for software applications they don't need anymore.
But above all, auditors said that the lack of an up-to-date software inventory leads to cyber-security risks that come from not knowing if all software was patched against recent vulnerabilities.
The cyber-security issue that results from not having a full view of its software inventory was already known to the DOD Chief Information Officer (CIO), who in a July 10, 2018 memorandum to DoD officials, said the DoD has yet to report over