Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

DoD Inspector General: Multiple Cybersecurity Flaws in Missile Defense System

December 19, 2018

As SC Media reported on December 17th (and we all need scary news over the holiday season, right?), several major holes have been found in defense facilities housing technical information on the nation’s ballistic missile defense systems (BMDS) that could prove disastrous to America’s ability to defend itself against an ICBM attack.

In a report filed last week, the Inspector General (IG) for the Department of Defense found systematic issues surrounding BMDS networks that process, store and transmit both classified and unclassified BMDS technical information. Some of the problems included not using multifactor authentication, protecting removable media holding classified information, encrypt BMDS technical information transmission and implement intrusion detection capabilities.

“We determined that officials did not consistently implement security controls and processes to protect BMDS technical information,” the report stated, “facility security officers did not consistently implement physical security controls to limit unauthorized access to facilities that managed BMDS technical information.”

The weapons in the ballistic missile defense system are not nuclear-tipped offensive missiles but are part of the nation’s land and sea-based defensive anti-missile systems.

“The disclosure of technical details could allow U.S. adversaries to circumvent BMDS capabilities, leaving the United States vulnerable to deadly missile attacks,” the report stated.

The report suggested eight recommendations be made:

  • using multifactor authentication
  • mitigating vulnerabilities in a timely manner
  • protecting data on removable media
  • implementing intrusion detection capabilities
  • enforce the use of multifactor authentication to access systems that process, store, and transmit BMDS technical
  • information or obtain a waiver from using multifactor authentication from the DoD Chief Information Officer
  • develop plans and take appropriate and timely steps to mitigate known vulnerabilities
  • encrypt BMDS technical information stored on removable media
  • assess gaps in physical security coverage and install security cameras to monitor personnel movements throughout facilities

To say this is cybersecurity 101 is an understatement. It is inconceivable that the US doesn't have all eight recommendations in place and enforcement monitored. Now that's really how "you'll shoot your eye out!" can come to be true. For the uninitiated, watch the movie "A Christmas Story."

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson