New report highlights Pentagon’s cyber flaws
A US federal report has revealed glaring cyber vulnerabilities in US weapons systems. The Government Accountability Office (GAO) report also found that defense officials believed the security measures were able to defeat hackers, even though outside teams were easily able to penetrate systems.
Published: October 27, 2018, 10:53 am
The GAO report revealed that most weapons systems it tested had deep cyber flaws. It is “likely has an entire generation of systems that were designed and built without adequately considering cybersecurity” the report stated.
Last month, the military publicly acknowledged at a Senate hearing that it struggled with recruiting cyber specialists. Lt. Gen. Stephen Fogarty, the commander of US Army Cyber Command, told lawmakers of “a challenge in retaining the core skills that we need”.
Edgard Capdevielle, CEO of industrial cybersecurity firm Nozomi Networks, said that the report highlighted the scope of the Pentagon’s failure to maintain cyber security. Capdevielle said it was “not entirely surprising that military leaders turned a blind eye to security weaknesses within the Pentagon’s multibillion-dollar weapons systems”.
“Addressing cybersecurity vulnerabilities after the fact is a monumental task, so it’s unfortunate that the military failed to take action despite continued warnings from the Government Accountability Office,” he told The Hill.
A defense authorisation bill for fiscal 2016 had ordered the Pentagon to test for cyber weaknesses in weapon systems and upgrades to counter cyber attacks.
But the Pentagon has systematically failed to evalue the extent of cyber threats to America’s most powerful weapons, the report warned. “Military members’ lives could depend on the weapon system working as it’s supposed to,” according to Bob Taylor, former Pentagon advisor.
Taylor suggested that the problem was the culture at the Pentagon. He urged military leaders to put pressure on Pentagon officials regarding cyber security practices and risks.
“I think that there really needs to be a strong message the people will be held accountable for not adequately responding to the shortcomings that have been revealed, and to create a culture of real care and attention to the vulnerabilities that the network weapons systems create,” he said.
“That could be a matter of life and death,” he added. Taylor was an Obama administration appointee.
John Harmon, a former NSA analyst, said that many Pentagon officials are too focused on getting weapons systems to comply with necessary regulations. “Compliance is not security, it’s compliance,” Harmon said.
He also noted that while cyber standards must constantly be updated, many weapons systems, like ships, are built to last for decades. “Some of these systems again were built a long time ago. And sure, they might be compliant with when they were put out, but they’re not up to date when it comes to there being some kind of a system that actually protects these things from some kind of sophisticated adversary.”
Examples of how hackers are able to penetrate weapons systems, were presented showing how systems could be disrupted, changed and data could be downloaded. Parts of a system could even be shut down while scanning for cyber flaws.
In one notable case, a weapons system was actually taken over in just one day by a team of hackers. They said the Pentagon was still “in the early stage of trying to understand how to apply cybersecurity to weapon systems”.
A Pentagon spokesperson, asked to comment on the report, said in a statement to The Hill that the department “takes threats to our nation seriously”.
“We are continuously strengthening our defensive posture through network hardening, improved cybersecurity, and working with our international allies and partners and our Defense Industrial Base and Defense Critical Infrastructure partners to secure critical information,” the spokesperson said.
Jim Langevin, a Democrat member of the House Armed Services Committee and co-founder of the Congressional Cybersecurity Caucus, said he was “not surprised” by the report’s findings. “While DoD has made progress in lowering its cybersecurity risks, it has not moved fast enough,” he said in a statement.
The 2018 defense authorisation bill has gone even further, mandating that the department detail a budget for their cybersecurity efforts.
US Cyber Command is a standalone agency, and not housed within the US National Security Agency (NSA).
All rights reserved. You have permission to quote freely from the articles provided that the source (www.freewestmedia.com) is given. Photos may not be used without our consent.
Keep your language polite. Readers from many different countries visit and contribute to Free West Media and we must therefore obey the rules in, for example, Germany. Illegal content will be deleted.
If you have been approved to post comments without preview from FWM, you are responsible for violations of any law. This means that FWM may be forced to cooperate with authorities in a possible crime investigation.
If your comments are subject to preview by FWM, please be patient. We continually review comments but depending on the time of day it can take up to several hours before your comment is reviewed.
We reserve the right to delete comments that are offensive, contain slander or foul language, or are irrelevant to the discussion.
Last week, more than 30 countries and airlines from India to Italy, China, Indonesia and Australia grounded all Boeing 737 Max 8 jets after a second fatal crash of the plane brought the death toll to 346 people.
An internal salary analysis of the software giant Google has revealed wage discrimination against men.
Fox News host Tucker Carlson on his show this week questioned the wisdom of American intervention in Venezuela.
Black transgender sprinters finished first and second at a recent girls’ high school track championship in Connecticut.
WashingtonUS senators from both main parties are preparing additional sanctions against Russia, despite the Senate Intelligence Committee having uncovered no direct evidence of collusion between the President Trump's campaign and Russia.
WashingtonThe alleged Russian influence campaign - or meddling - in US elections never happened but was used to smear Russia and undermine the election of President Donald Trump.
RomeItalian Deputy Foreign Minister on Monday joined indignation expressed by Russia and China over efforts to meddle in crisis-hit Venezuela after the EU Parliament also voted, in a non-legislative resolution, to recognise opposition leader Juan Guaido as interim president of the oil-rich nation.
WashingtonAmerican mainstream media reported this week that a group of white school children harassed a group of Native American, black and minority adults when footage of the interaction shows that the exact opposite happened.
BrasiliaNew Brazilian President Jair Bolsonaro announced the withdrawal from the UN Global Compact on Migration as he had promised to do earlier.
WashingtonThe US government shutdown has continued for 18 days. Now defense contractors and lobbyists are starting to worry that it could be bad for Israel.