A new government report revealed the serious vulnerabilities of U.S. weapons systems.
The Government Accountability Office (GAO) report determined that weapons produced by the Department of Defense (DOD) are susceptible to hacking, allowing enemies to breach the core systems and software of computers aboard weapons systems and allowing them to take control.
Inadequate management of system passwords, as well as unencrypted communication, are among the identified weak points. However, rapidly expanding system access points causes additional vulnerabilities that operators do not thoroughly understand.
Almost all weapons systems in development at the Pentagon are vulnerable to cyberattacks, according to a new federal report. pic.twitter.com/u0hyeOaVCm
— Newsy (@Newsy) October 10, 2018
The report also called out the U.S. military over inadequate cybersecurity factored into weapons systems’ design and acquisition. Those who developed the weapons reportedly don’t have enough understanding of cybersecurity threats posed to the computer-dependent weapons. Some officials believed the systems were secure enough to ward off cyber attacks.
“Due to this lack of focus on weapon systems cybersecurity, DOD likely has an entire generation of systems that were designed and built without adequately considering cybersecurity,” the GAO report said.
“In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing,” it noted.
The report mentioned an additional test, in which operators successfully hacked the weapons’ systems terminals. “They could see, in real-time, what the operators were seeing on their screens and could manipulate the system,” the report said.
“Another test team reported that they caused a pop-up message to appear on users’ terminals instructing them to insert two quarters to continue operating.” https://t.co/6TPbr35g1x
— Zack Whittaker (@zackwhittaker) October 9, 2018
The report also noted that the DOD’s internal testers “routinely” identified cybersecurity vulnerabilities among “nearly all” weapons systems during their development.
“Using relatively simple tools and techniques, testers were able to take control of these systems and largely operate undetected. In some cases, system operators were unable to effectively respond to the hacks,” it said.
Although the report also noted that the DOD had taken some measures to improve weapons systems’ security, the GAO determined that the inadequate security measures thus far “will have long-lasting effects on the department.” It further estimated that the DOD “likely has an entire generation of systems that were designed and built without adequately considering cybersecurity.”
An unclassified version of the report released publicly did not specify which weapons systems had undergone testing and were identified as vulnerable, citing additional security risks.
The report trails the White House’s cyber strategy released last month which vowed to take a newly aggressive stance in addressing cyber threats. It was the first cyber strategy to be released by the White House in 15 years.
“We cannot ignore the costs of malicious cyber activity — economic or otherwise — directed at America’s government, businesses and private individuals,” President Trump said at the time.