The US Department of Defense (DoD) is underprepared and at great risk of cybersecurity threats, a new report has suggested.

The DoD currently plans to spend more than $1.66 trillion to develop a series of new weapons systems, however, the Government Accountability Office report highlights shocking cybersecurity vulnerabilities.

Cybersecurity, the office says, is not a main priority for the DoD despite repeated warnings for a number of years. The GAO has raised concerns over weapon systems security and suggests that US military weapons, including missile systems and drones, are vulnerable to attacks aimed at seizing control.

Pentagon Cybersecurity Flaws

The GAO assessed the DoD’s cybersecurity abilities from 2012 to 2017, focusing on the department’s readiness to deal with an attack or breach of its weapon systems.

These assessments revealed that, in some cases, testers were able to infiltrate and seize control of weapons systems. In others, testers were able to identify administrator passwords in fewer than ten seconds.

Accessing these passwords was, by all means, a routine task due to the fact that the DoD did not change default passwords; they were even capable of searching the default password online. These penetration tests were highly effective, the report found, with attackers able to operate near-completely undetected.

The GAO report stated: “The Department of Defense (DOD) faces mounting challenges in protecting its weapon systems from increasingly sophisticated cyber threats.

“This state is due to the computerized nature of weapon systems; DOD’s late start in prioritizing weapon systems cybersecurity; and DOD’s nascent understanding of how to develop more secure weapons systems.”

Unknown Issues

The GAO report also suggested that the Pentagon is not fully aware of how bad its security vulnerabilities are. The limited nature of these tests means that there could be other, more significant issues yet to be discovered.

A significant number of vulnerabilities still remain unsolved, it said, with the Pentagon only addressing one in 20 verified security flaws. “For some reason,” the report continued, some vulnerabilities were not solved even though solutions had been put forward.

Positive Steps

The report acknowledged that the DoD has taken “several steps to improve weapon systems cybersecurity, including “issuing and revising policies and guidance to better incorporate cybersecurity considerations.”

Under the direction of the US Congress, the department has also launched a number of initiatives to better understand and mitigate vulnerabilities. The GAO added, however, that the department faces barriers that “could limit the effectiveness of these steps”, such as cybersecurity workforce challenges or difficulties in intelligence sharing.

Like this: Like Loading...