New report highlights Pentagon’s cyber flaws
A US federal report has revealed glaring cyber vulnerabilities in US weapons systems. The Government Accountability Office (GAO) report also found that defense officials believed the security measures were able to defeat hackers, even though outside teams were easily able to penetrate systems.
Published: October 27, 2018, 10:53 am
The GAO report revealed that most weapons systems it tested had deep cyber flaws. It is “likely has an entire generation of systems that were designed and built without adequately considering cybersecurity” the report stated.
Last month, the military publicly acknowledged at a Senate hearing that it struggled with recruiting cyber specialists. Lt. Gen. Stephen Fogarty, the commander of US Army Cyber Command, told lawmakers of “a challenge in retaining the core skills that we need”.
Edgard Capdevielle, CEO of industrial cybersecurity firm Nozomi Networks, said that the report highlighted the scope of the Pentagon’s failure to maintain cyber security. Capdevielle said it was “not entirely surprising that military leaders turned a blind eye to security weaknesses within the Pentagon’s multibillion-dollar weapons systems”.
“Addressing cybersecurity vulnerabilities after the fact is a monumental task, so it’s unfortunate that the military failed to take action despite continued warnings from the Government Accountability Office,” he told The Hill.
A defense authorisation bill for fiscal 2016 had ordered the Pentagon to test for cyber weaknesses in weapon systems and upgrades to counter cyber attacks.
But the Pentagon has systematically failed to evalue the extent of cyber threats to America’s most powerful weapons, the report warned. “Military members’ lives could depend on the weapon system working as it’s supposed to,” according to Bob Taylor, former Pentagon advisor.
Taylor suggested that the problem was the culture at the Pentagon. He urged military leaders to put pressure on Pentagon officials regarding cyber security practices and risks.
“I think that there really needs to be a strong message the people will be held accountable for not adequately responding to the shortcomings that have been revealed, and to create a culture of real care and attention to the vulnerabilities that the network weapons systems create,” he said.
“That could be a matter of life and death,” he added. Taylor was an Obama administration appointee.
John Harmon, a former NSA analyst, said that many Pentagon officials are too focused on getting weapons systems to comply with necessary regulations. “Compliance is not security, it’s compliance,” Harmon said.
He also noted that while cyber standards must constantly be updated, many weapons systems, like ships, are built to last for decades. “Some of these systems again were built a long time ago. And sure, they might be compliant with when they were put out, but they’re not up to date when it comes to there being some kind of a system that actually protects these things from some kind of sophisticated adversary.”
Examples of how hackers are able to penetrate weapons systems, were presented showing how systems could be disrupted, changed and data could be downloaded. Parts of a system could even be shut down while scanning for cyber flaws.
In one notable case, a weapons system was actually taken over in just one day by a team of hackers. They said the Pentagon was still “in the early stage of trying to understand how to apply cybersecurity to weapon systems”.
A Pentagon spokesperson, asked to comment on the report, said in a statement to The Hill that the department “takes threats to our nation seriously”.
“We are continuously strengthening our defensive posture through network hardening, improved cybersecurity, and working with our international allies and partners and our Defense Industrial Base and Defense Critical Infrastructure partners to secure critical information,” the spokesperson said.
Jim Langevin, a Democrat member of the House Armed Services Committee and co-founder of the Congressional Cybersecurity Caucus, said he was “not surprised” by the report’s findings. “While DoD has made progress in lowering its cybersecurity risks, it has not moved fast enough,” he said in a statement.
The 2018 defense authorisation bill has gone even further, mandating that the department detail a budget for their cybersecurity efforts.
US Cyber Command is a standalone agency, and not housed within the US National Security Agency (NSA).
All rights reserved. You have permission to quote freely from the articles provided that the source (www.freewestmedia.com) is given. Photos may not be used without our consent.
Keep your language polite. Readers from many different countries visit and contribute to Free West Media and we must therefore obey the rules in, for example, Germany. Illegal content will be deleted.
If you have been approved to post comments without preview from FWM, you are responsible for violations of any law. This means that FWM may be forced to cooperate with authorities in a possible crime investigation.
If your comments are subject to preview by FWM, please be patient. We continually review comments but depending on the time of day it can take up to several hours before your comment is reviewed.
We reserve the right to delete comments that are offensive, contain slander or foul language, or are irrelevant to the discussion.
An Islamic State-linked media outlet says a Canadian man - not Russia - was behind the terror group’s highest-profile cyber attacks, including the takeover of the Twitter account of the US military’s Central Command.
Ahead of the 2018 midterm elections in the United States, the mainstream media were directing their campaign reporting against Republicans.
The number of US troops to be deployed at the Mexico border could reach 15 000, President Trump said on Wednesday afternoon.
WashingtonOn Monday, President Trump warned the illegal caravan approaching the US border from the south that the US military was waiting for them.
WashingtonJamal Khashoggi was not the first victim of the Saudi regime allegedly hunted down and murdered. And President Donald Trump and his family, including son-in-law Jared Kushner, have meanwhile been supporting Saudi Arabia’s bizarre explanation for the murder of Washington-based Saudi journalist Khashoggi.
According to a law enforcement official, examiners are looking at whether the mail bombs sent to US Democrats over the last 48 hours were "hoax devices". What looked like bombs seen on television, may have been fakes.
According to reports, there is now a second migrant caravan heading for the US of around 1000 people. They crossed from Honduras into Guatemala on Sunday night. The first wave comprises between 10 000 and 14 000 migrants, and includes notorious MS-13 gang members.
US President Donald Trump told a defense round-table in Arizona that he would not allow the caravan of migrants from Honduras into the United States, because there are hardened criminals in the group.
American left-wing groups are openly discussing mass executions and planned murders of prominent conservatives, and they’re using Twitter to communicate their plans.
Almost half of the inhabitants of large cities in the US speak a foreign language. Nationally, one in five spoke a language other than English last year, newly released US Census Bureau data for 2017 shows.