The Government Accountability Office (GAO) has reviewed several Department of Defense (DoD) information technology programs and found that the agency’s IT development approaches and cybersecurity practices may be impacting cost and scheduling.
GAO said it reviewed 15 “major” DoD IT programs and found that 11 of them had decreased cost estimates as of Dec. 2019, while cost estimates increased for the remaining four programs.
Programs with decreasing cost estimates showed declines of 0.03 percent to 33.8 percent, while among the four programs with rising cost estimates, two showed estimated increases of more than 20 percent. For programs with increasing cost estimates, DoD program officials cited a variety of reasons for the higher estimates, including testing delays and development challenges.
GAO also looked at scheduling for the IT programs and found that ten of the 15 programs had schedule delays ranging from one month to five years.
Cyber and performance issues were cited as reasons for the delays, and programs reported mixed implementation of specific practices. All 15 programs reported developing cybersecurity strategies to help ensure that programs are planning for and documenting cybersecurity risk management efforts.
Only eight of the programs reported conducting cybersecurity vulnerability assessments, but these programs experienced fewer increases in planned program costs and fewer schedule delays compared to the programs that didn’t report using cybersecurity vulnerability assessments.
“In addition, 14 of the 15 programs reported using an iterative software development approach which, according to leading practices, may help reduce cost growth and deliver better results to the customer,” GAO wrote. “However, programs also reported using an older approach to software development, known as waterfall, which could introduce risk for program cost growth because of its linear and sequential phases of development that may be implemented over a longer period of time.”