It seems like the importance of cybersecurity is just now dawning on the US Department of Defense. The Government Accountability Office conducted a series of tests that proved that US weaponry is easily hackable. These basic security vulnerabilities seem to affect weapons systems from 2012 to 2017 to a mission-critical point.
US Weaponry Easily Hacked – The Story
According to NPR, it all started when the Senate Armed Services Committee asked the GAO to review how secure the Pentagon’s weapons systems are. The 50 paged report that followed pointed to some major vulnerabilities in US weaponry systems. Apparently, the DoD knew about some of these vulnerabilities and had previously “discounted some test results as unrealistic”.
From cracking passwords in under 10 seconds to taking over entire systems in a day, GAO found a range of vulnerabilities throughout the systems. In other cases, GAO agents used software and information downloaded off the internet to gain control of the systems.
GAO’s tests included “going over data from the Pentagon’s own security tests of weapon systems” under development. GAO also interviewed cybersecurity officials to see how “systems are protected and how they respond to attacks”.
US Weaponry Systems Vulnerability – GAO’s Findings
To quote the GAO directly:
“One test report indicated that the test team was able to guess an administrator password in nine seconds. Multiple weapon systems used commercial or open source software, but did not change the default password when the software was installed, which allowed test teams to look up the password on the Internet and gain administrator privileges for that software. Multiple test teams reported using free, publicaly available information or software downloaded from the Internet to avoid or defeat weapon system security controls.”
The final report points to several issues that help maintain these cyber vulnerabilities. While the Pentagon had previously identified some of these problems, it did not resolve any of them. This happened despite the fact that program officials worked on defining solutions for these known vulnerabilities. In addition to that, the officials attributed this problem to “contractor error”.
According to GAO, the Pentagon’s main concern is attempting to maintain their cybersecurity personnel despite fierce salary bonuses within the private sector.
US Weaponry Systems Vulnerability – Final Thoughts
Perhaps this will entice the DoD to promote more programs for budding cybersecurity experts. Or maybe they’ll start investing in a better work-life balance for their engineers. Either way, this is a problem that can directly affect the lives of millions all over the world. It goes to show you how important cybersecurity is, and how underprepared our defense systems are when it comes to online threats and attacks.