GAO Report Spotlights Delays and Gaps in DOD IT Programs

Original Broadcast 6/29/25

Vijay D’Souza, Director of Information Technology and Cybersecurity at the Government Accountability Office (GAO), joins Fed Gov Today to discuss the GAO’s latest annual review of the Department of Defense’s major IT business systems. The findings present a sobering picture of cost and schedule performance across the department’s key technology programs.

Of the 24 DOD IT business systems analyzed, 14 experienced either cost increases or schedule delays—some both. The median cost increase was a staggering $173 million, while the average delay was 15 months. According to D’Souza, these setbacks stem largely from shifting requirements, challenges in testing and evaluation, and persistent workforce and staffing issues.

However, there were encouraging signs in how some programs are adopting more modern development methodologies. Eleven of the programs are currently using agile and iterative software development approaches, which D’Souza sees as a positive step forward. “The fact that they were using agile, as opposed to an older waterfall approach, is actually a good news story,” he said. Yet, some programs were unable to fully demonstrate the application of agile practices using standard tools like burn-down charts and cumulative flow diagrams—raising concerns about the depth of adoption.

Cybersecurity remains another area of concern. Although progress has been made since the GAO’s 2022 report, two programs still lack approved cybersecurity strategies, and four have not yet developed plans to implement a zero trust architecture in line with the DOD’s 2027 deadline. While GAO stopped short of issuing a formal recommendation this year, D’Souza warned that further inaction could jeopardize those programs’ compliance as the deadline approaches.

The GAO also began examining artificial intelligence in this year’s review—a reflection of the technology’s growing relevance in federal IT systems. D’Souza notes that future evaluations will expand to include AI implementation and governance.

Despite the challenges, D’Souza expressed cautious optimism: “The folks at DOD and the CIO’s office are trying hard to address some of these issues... but they’re really not there yet.” The GAO’s ongoing oversight will continue to track DOD’s progress and highlight areas for improvement.

Key Takeaways:

• 14 of 24 DOD IT programs had cost or schedule issues; average delay: 15 months.

• Agile practices are being used but not always implemented thoroughly.

• Cybersecurity strategy gaps persist, with deadlines for zero trust adoption looming.