Navigation
Download the AMN app for your mobile device today - FREE!

DOD weapons systems can easily be controlled by hackers, new government report says

The Air Force Distributed Common Ground System (AF DCGS), also referred to as the AN/GSQ-272 SENTINEL weapon system, is the Air Force’s primary intelligence, surveillance and reconnaissance (ISR) collection, processing, exploitation, analysis and dissemination (CPAD) system. (U.S. Air Force/Released)
October 10, 2018
834 Shares

A new government report revealed the serious vulnerabilities of U.S. weapons systems.

The Government Accountability Office (GAO) report determined that weapons produced by the Department of Defense (DOD) are susceptible to hacking, allowing enemies to breach the core systems and software of computers aboard weapons systems and allowing them to take control.

Inadequate management of system passwords, as well as unencrypted communication, are among the identified weak points. However, rapidly expanding system access points causes additional vulnerabilities that operators do not thoroughly understand.

The report also called out the U.S. military over inadequate cybersecurity factored into weapons systems’ design and acquisition. Those who developed the weapons reportedly don’t have enough understanding of cybersecurity threats posed to the computer-dependent weapons. Some officials believed the systems were secure enough to ward off cyber attacks.

ADVERTISEMENT

“Due to this lack of focus on weapon systems cybersecurity, DOD likely has an entire generation of systems that were designed and built without adequately considering cybersecurity,” the GAO report said.

“In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing,” it noted.

The report mentioned an additional test, in which operators successfully hacked the weapons’ systems terminals. “They could see, in real-time, what the operators were seeing on their screens and could manipulate the system,” the report said.

The report also noted that the DOD’s internal testers “routinely” identified cybersecurity vulnerabilities among “nearly all” weapons systems during their development.

“Using relatively simple tools and techniques, testers were able to take control of these systems and largely operate undetected. In some cases, system operators were unable to effectively respond to the hacks,” it said.

Although the report also noted that the DOD had taken some measures to improve weapons systems’ security, the GAO determined that the inadequate security measures thus far “will have long-lasting effects on the department.” It further estimated that the DOD “likely has an entire generation of systems that were designed and built without adequately considering cybersecurity.”

ADVERTISEMENT

An unclassified version of the report released publicly did not specify which weapons systems had undergone testing and were identified as vulnerable, citing additional security risks.

The report trails the White House’s cyber strategy released last month which vowed to take a newly aggressive stance in addressing cyber threats. It was the first cyber strategy to be released by the White House in 15 years.

“We cannot ignore the costs of malicious cyber activity — economic or otherwise — directed at America’s government, businesses and private individuals,” President Trump said at the time.

834 Shares