Skip to Content

Pentagon. Wikipedia

New report highlights Pentagon’s cyber flaws

A US federal report has revealed glaring cyber vulnerabilities in US weapons systems. The Government Accountability Office (GAO) report also found that defense officials believed the security measures were able to defeat hackers, even though outside teams were easily able to penetrate systems.

Published: October 27, 2018, 10:53 am

    Read more

    The GAO report revealed that most weapons systems it tested had deep cyber flaws. It is “likely has an entire generation of systems that were designed and built without adequately considering cybersecurity” the report stated.

    Last month, the military publicly acknowledged at a Senate hearing that it struggled with recruiting cyber specialists. Lt. Gen. Stephen Fogarty, the commander of US Army Cyber Command, told lawmakers of “a challenge in retaining the core skills that we need”.

    Edgard Capdevielle, CEO of industrial cybersecurity firm Nozomi Networks, said that the report highlighted the scope of the Pentagon’s failure to maintain cyber security. Capdevielle said it was “not entirely surprising that military leaders turned a blind eye to security weaknesses within the Pentagon’s multibillion-dollar weapons systems”.

    “Addressing cybersecurity vulnerabilities after the fact is a monumental task, so it’s unfortunate that the military failed to take action despite continued warnings from the Government Accountability Office,” he told The Hill.

    A defense authorisation bill for fiscal 2016 had ordered the Pentagon to test for cyber weaknesses in weapon systems and upgrades to counter cyber attacks.

    But the Pentagon has systematically failed to evalue the extent of cyber threats to America’s most powerful weapons, the report warned. “Military members’ lives could depend on the weapon system working as it’s supposed to,” according to Bob Taylor, former Pentagon advisor.

    Taylor suggested that the problem was the culture at the Pentagon. He urged military leaders to put pressure on Pentagon officials regarding cyber security practices and risks.

    “I think that there really needs to be a strong message the people will be held accountable for not adequately responding to the shortcomings that have been revealed, and to create a culture of real care and attention to the vulnerabilities that the network weapons systems create,” he said.

    “That could be a matter of life and death,” he added. Taylor was an Obama administration appointee.

    John Harmon, a former NSA analyst, said that many Pentagon officials are too focused on getting weapons systems to comply with necessary regulations. “Compliance is not security, it’s compliance,” Harmon said.

    He also noted that while cyber standards must constantly be updated, many weapons systems, like ships, are built to last for decades. “Some of these systems again were built a long time ago. And sure, they might be compliant with when they were put out, but they’re not up to date when it comes to there being some kind of a system that actually protects these things from some kind of sophisticated adversary.”

    Examples of how hackers are able to penetrate weapons systems, were presented showing how systems could be disrupted, changed and data could be downloaded. Parts of a system could even be shut down while scanning for cyber flaws.

    In one notable case, a weapons system was actually taken over in just one day by a team of hackers. They said the Pentagon was still “in the early stage of trying to understand how to apply cybersecurity to weapon systems”.

    A Pentagon spokesperson, asked to comment on the report, said in a statement to The Hill that the department “takes threats to our nation seriously”.

    “We are continuously strengthening our defensive posture through network hardening, improved cybersecurity, and working with our international allies and partners and our Defense Industrial Base and Defense Critical Infrastructure partners to secure critical information,” the spokesperson said.

    Jim Langevin, a Democrat member of the House Armed Services Committee and co-founder of the Congressional Cybersecurity Caucus, said he was “not surprised” by the report’s findings. “While DoD has made progress in lowering its cybersecurity risks, it has not moved fast enough,” he said in a statement.

    The 2018 defense authorisation bill has gone even further, mandating that the department detail a budget for their cybersecurity efforts.

    US Cyber Command is a standalone agency, and not housed within the US National Security Agency (NSA).

    Keep ​your language polite​. Readers from many different countries visit and contribute to Free West Media and we must therefore obey the rules in​,​ for example​, ​Germany. Illegal content will be deleted.

    If you have been approved to post comments without preview from FWM, you are responsible for violation​s​ of​ any​ law. This means that FWM may be forced to cooperate with authorities in a possible crime investigation.

    If your comments are subject to preview ​by FWM, please be patient. We continually review comments but depending on the time of day it can take up to several hours before your comment is reviewed.

    We reserve the right to del​ete​ comments that are offensive, contain slander or foul language, or are irrelevant to the discussion.


    Brazil withdraws from UN Migration Compact

    BrasiliaNew Brazilian President Jair Bolsonaro announced the withdrawal from the UN Global Compact on Migration as he had promised to do earlier.

    US government shutdown could be bad for Israel

    WashingtonThe US government shutdown has continued for 18 days. Now defense contractors and lobbyists are starting to worry that it could be bad for Israel.

    US national defence hierarchy now run by women

    WashingtonThe United States' national defense hierarchy is, for the first time in history, largely run by women. According to mainstream MSNBC, women have taken over the US military-industrial complex.

    Facebook bans conservatives but fails to stop child exploitation apps

    Facebook monitors billions of posts per day in over 100 languages. The company’s solution is a network of ideologically-minded workers that ban content with the help of PowerPoint slides. That sadly does not include child porn on third-party apps.

    Columbia student defends his remarks about ‘white achievements’

    New YorkColumbia University student Julian von Abele, whose comments on Twitter about white people went viral earlier this week, released a statement on Tuesday defending himself.

    Chile pulls out of Marrakesch

    SantiagoChile has joined the growing exodus from the United Nations Migration Compact. It has become the latest country to withdraw, President's Sebastian Pinera's administration announced.

    US Government loses landmark court case on vaccine safety

    WashingtonThe US federal government has been neglecting vaccine safety obligations for decades. Anti-vaccine activists have now won an important lawsuit against the US Department of Health and Human Services (DHHS).

    ISIS cyber attacks were falsely blamed on Russia

    An Islamic State-linked media outlet says a Canadian man - not Russia - was behind the terror group’s highest-profile cyber attacks, including the takeover of the Twitter account of the US military’s Central Command.

    Media reporting rigged against Republicans, Trump

    Ahead of the 2018 midterm elections in the United States, the mainstream media were directing their campaign reporting against Republicans.

    Trump is serious about troop deployment on US-Mexican border

    The number of US troops to be deployed at the Mexico border could reach 15 000, President Trump said on Wednesday afternoon.

    Go to archive