Posted on October 10, 2018 at 7:41 PM
Pentagon developing weapons systems still remain unsecured
A recent government report claims that new weapons systems being developed by the Pentagon are vulnerable to hacking attacks. The Tuesday report criticized US Department of Defense’s systems, claiming that adversaries can easily hack into them and disrupt them.
The Pentagon supposedly responded by claiming that they were not aware of how easy it would be to gain access to the weapons’ software. What’s worse, the hackers could have easily remained undetected while operating inside the hacked systems.
The weak points are many, and they start with very poor password protection. Besides the weak password management, the report also claims that the system’s communications are unencrypted and easy to access. Not only that, but the access points also continue to expand in number, and not even the operators themselves understand them properly. This leaves the entire network completely vulnerable and open to invaders.
The US Military’s cybersecurity oversight
The report continues to criticize such poor security by placing the blame on US military for not implementing higher cybersecurity standards. The design and even the acquisition process itself remain highly vulnerable even now. However, the report also admits that most weapon developers over make this oversight due to low understanding of cybersecurity issues and potential dangers.
The GAO commented by saying that the lack of cybersecurity in weapon systems likely resulted in an entire generation of badly secured systems. These systems were not created with cybersecurity in mind, which is a huge oversight on DOD’s behalf. It also mentioned a case where a two-person test team managed to gain access to a weapon system in only one hour. Additionally, the team managed to take full control over the system within a day. Luckily, this was only a testing operation, otherwise, the consequences could have been catastrophic.
The GAO mentions another case where the test team managed to gain control of the system operators’ terminals. This achievement allowed them to hear and see everything that the operators themselves were seeing, and in real time as well. An incident like this could allow huge system manipulations if hacked by adversaries.
The US continues to struggle with foreign hacking attacks
The public version of this report was, of course, discrete regarding the weapon systems in question. The arms systems where the flaws are discovered for now remain secret. However, the report also mentions the fact that weapon system testers managed to find dangerous vulnerabilities in almost all developing systems between the years of 2012 and 2017.
Additionally, such flaws were easily discovered through the use of simple techniques and tools, which also allowed taking control over said systems. All of this was performed while remaining undetected by the systems’ default security, which made operators unable to respond to the “threat”.
Obviously, the situation would not be as bad as it is if the Pentagon and other weapon developers were not working on interconnecting these systems. As the dependence on networking and software continues to rise, the security of the network needs to follow as well. The threat to such systems is larger than ever, especially after the US government’s efforts to match and defeat the efforts by Russian and Chinese hackers.
These hackers, suspected of being state-backed, have already grown to be a threat to both the government and private sector alike. Their goals so far were pinpointed to data theft, but also to simply causing as much disruption as possible, on multiple occasions.