Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

GAO Report: The Pentagon’s Weapons Systems Are Vulnerable to Cyberattacks

October 11, 2018

The Washington Post reported on October 10^th that the Government Accountability Office issued a report on Weapons System Cybersecurity on October 9^th. And the news isn't good. According to the report, the Pentagon's multibillion-dollar weapons systems are riddled with cybersecurity vulnerabilities. Military leaders are said to have ignored the problem for years, turning a blind eye to security weaknesses in newly developed systems that could potentially thwart military missions.

The GAO says that the military leaders did not take seriously the findings of Defense Department teams who "routinely found mission critical cyber vulnerabilities in nearly all weapons systems that were under development" for five years until 2017. "Using relatively simple tools and techniques, testers were able to take control of these systems and largely operate undetected." But even though some systems were so fragile that merely scanning them caused them to shut down, military officials who met with the watchdog "believed their systems were secure and discounted some test results as unrealistic."

The scary takeaway is this: "Due to this lack of focus on weapon systems cybersecurity, DOD likely has an entire generation of systems that were designed and built without adequately considering cybersecurity."

This report is the first by the GAO to examine the cybersecurity of weapons systems. "The GAO report released today highlighted a shocking reality: just how far behind we actually are in adequately protecting our weapons systems and industrial suppliers from cyber threats," said Sen. James M. Inhofe (R-Okla.), the Armed Services Committee chairman. "I am pleased that this report helps identify vulnerabilities and supports this year's [National Defense Authorization Act], which increased investment in cyber infrastructure."

The report covered aircraft, ships, combat vehicles, satellites and other equipment, but didn't disclose which specific vulnerabilities or military programs it reviewed because such information is classified. But the GAO said cyberattacks on weapons systems could "limit the weapon's effectiveness, prevent it from achieving its mission, or even cause physical damage and loss of life."

"If a DOD network is compromised by a state adversary like Russia or China, our own weapons systems could theoretically be used against us. That's a scary proposition," said Jay Kaplan, a former National Security Agency cybersecurity analyst and security researcher for the Pentagon. "It might be a little far-fetched, and would probably require physical access and some very focused expertise. But when you are funded at the nation-state level to do this type of stuff, anything is in the realm of possibility, and that's what's most frightening about this report."

Pentagon testing teams found critical vulnerabilities in "nearly all" weapons systems that were under development or being tested between 2012 and 2017 and were able to gain full control of many systems. They didn't need sophisticated tools to do so, according to the report. Some weapons systems used software with passwords that testers guessed easily. The report also said some systems didn't encrypt their communications, meaning an attacker could read an administrator's username and password and use those credentials to gain greater access to the system. Cybersecurity 101 – it boggles the mind that this could be possible.

It could be especially difficult for the Pentagon to bring its weapons systems up to par because the problems are rooted in the supply chain. Adding safeguards after a system has been deployed is costly and complicated, the GAO noted. And even if the Defense Department makes its new systems more secure, they could still be at risk if they're connected to older, less-secure systems.

For anyone who cares about our nation's security, this report is horrifying.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

GAO Report: The Pentagon’s Weapons Systems Are Vulnerable to Cyberattacks

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer