The Department of Defense’s Inspector General is expanding the scope of a previously announced investigation into the cybersecurity risks related to drones.

In March, the IG’s office kicked off an audit to ensure that the Pentagon had followed cyber and physical security controls for select unmanned aerial systems. But in a June 18 announcement, the IG’s office said that over the course of several site visits it determined there were additional cybersecurity risks related to commercial products.

As a result, the IG is changing its original objective.

“The reannounced audit objective is to determine whether the DoD is assessing and mitigating cybersecurity risks when purchasing and using select commercial items,” the IG memo states.

The acknowledgement is emblematic of the growing threat vector and vulnerability connected systems pose.

Congress took aim at a similar issue in the 2016 annual defense authorization bill, mandating an assessment of the cyber vulnerability of major weapon systems.

The DoD IG said it will perform its audit at the offices of the Under Secretary of Defense for Acquisition and Sustainment; the DoD Chief Information Officer; the military departments; U.S. Cyber Command; the National Security Agency; the Defense Information Systems Agency; and the Defense Logistics Agency. Additional locations might be identified during the audit.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

More In Unmanned