Pentagon Weapons Systems Vulnerable To Cyber-Attacks

Uploaded on 2018-10-16 in GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, INTELLIGENCE--USA, NEWS-News Analysis, TECHNOLOGY--Hackers

Defense Department weapons programs are vulnerable to cyberattacks, and the Pentagon has been slow to protect the systems which are increasingly reliant on computer networks and software, a federal report said Tuesday 9th Oct.

The US Government Accountability Office said the Pentagon has worked to ensure its networks are secure, but only recently began to focus more on its weapons systems security. The audit, conducted between September 2017 and October 2018, found that there are "mounting challenges in protecting its weapons systems from increasingly sophisticated cyber threats."

Pentagon officials have acknowledged for years that the department, the military services and defense contractors are under persistent cyber probes and attacks, including from state actors seeking to steal data to gain an economic or technological advantage. 

The report doesn't name potential attackers, but it noted that some "advanced threat actors" are aware of the vulnerabilities and "have well-funded units that focus on positioning themselves to potentially undermine US capabilities."
US officials have repeatedly accused Russia and China of using cyberattacks to breach government and commercial networks and systems. 

The GAO, which is Congress' investigative arm, provides no details about what the specific military systems are or how they are vulnerable, due to their classified nature. The report said that nine major defense acquisition programs from various military services were reviewed.

In one case, it said, "it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing."

In other cases, the report said that testers, using simple tools and techniques, were able to take control of computer terminals and see what the operators were seeing in real time. 

Another team was able to send a pop-up message to the computer terminals "instructing them to insert two quarters to continue operating." The teams were also able to copy, change and delete data.

Vulnerabilities found within the systems included being able to turn a weapon on or off, affect missile targeting, adjust oxygen levels or manipulate what controllers see on their computer screens. 

The report cited problems with poor passwords, insecure lines of communication and the Defense Department's ongoing struggle to get qualified cybersecurity staff. 

DefenseOne

You Might Also Read: 

Pentagon Faces Big Challenges In Retaining Cyber Talent:

« Chinese Spy Extradited To Go On Trial
Cyberattack Revelations Appear To Undercut Russia's UN Efforts »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ACI Worldwide

ACI Worldwide

ACI Worldwide powers electronic payments for more than 5,000 organizations around the world.

Fortress Group

Fortress Group

Fortress is specialized in confidential and discrete recruitment solutions and temporary staffing in the field of security and risk management.

Averon

Averon

Averon's technology is the new gold standard for digital identity - the easiest, fastest and most secure verification solution for users on both WiFi and LTE.

RedSeal

RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events.

Horangi

Horangi

Horangi provides security products and services that enable the rapid delivery of Incident Response and threat detection for our customers who lack the scale, expertise, or time to do it themselves.

CLDigital

CLDigital

CLDigital's no-code risk and resilience platform, CL360, provides leaders with risk and resilience data to make strategic and tactical continuity decisions.

Circadence

Circadence

Circadence offer the only fully immersive, AI-powered, patent-pending, proprietary cybersecurity training platform in the market today.

BioConnect

BioConnect

BioConnect provide biometric access control solutions to verify a person’s identity across physical, IOT and digital applications.

Sequoia Capital

Sequoia Capital

Sequoia Capital is a venture capital firm focused mainly on technology. We partner both with young companies finding their stride and established ones looking for growth.

RIA in a Box

RIA in a Box

MyRIACompliance combines our team of RIA compliance experts with an online software platform to help investment advisers better manage regulatory compliance and cybersecurity responsibilities.

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance is a global, non-profit industry association which is working to enable a secure connected future.

Veridium

Veridium

Veridium is a leader in single step - multi factor biometric authentication, designed to safeguard enterprises’ most critical assets.

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center of Vietnam has a central monitoring function and is a technical focal point for monitoring and supporting information security for people, businesses and systems.

iSTORM

iSTORM

iStorm specialise in supporting organisations who require a range of Privacy, Security and Penetration testing related services.

Fullstack Academy

Fullstack Academy

A trailblazer in bootcamp education, Fullstack Academy prepares students for fulfilling careers in tech through our NYC campus, online learning, and university partnerships.

Kong

Kong

Kong - powering the API world. Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.