Pentagon Weapons Systems Vulnerable To Cyber-Attacks

Defense Department weapons programs are vulnerable to cyberattacks, and the Pentagon has been slow to protect the systems which are increasingly reliant on computer networks and software, a federal report said Tuesday 9th Oct.

The US Government Accountability Office said the Pentagon has worked to ensure its networks are secure, but only recently began to focus more on its weapons systems security. The audit, conducted between September 2017 and October 2018, found that there are "mounting challenges in protecting its weapons systems from increasingly sophisticated cyber threats."

Pentagon officials have acknowledged for years that the department, the military services and defense contractors are under persistent cyber probes and attacks, including from state actors seeking to steal data to gain an economic or technological advantage. 

The report doesn't name potential attackers, but it noted that some "advanced threat actors" are aware of the vulnerabilities and "have well-funded units that focus on positioning themselves to potentially undermine US capabilities."
US officials have repeatedly accused Russia and China of using cyberattacks to breach government and commercial networks and systems. 

The GAO, which is Congress' investigative arm, provides no details about what the specific military systems are or how they are vulnerable, due to their classified nature. The report said that nine major defense acquisition programs from various military services were reviewed.

In one case, it said, "it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing."

In other cases, the report said that testers, using simple tools and techniques, were able to take control of computer terminals and see what the operators were seeing in real time. 

Another team was able to send a pop-up message to the computer terminals "instructing them to insert two quarters to continue operating." The teams were also able to copy, change and delete data.

Vulnerabilities found within the systems included being able to turn a weapon on or off, affect missile targeting, adjust oxygen levels or manipulate what controllers see on their computer screens. 

The report cited problems with poor passwords, insecure lines of communication and the Defense Department's ongoing struggle to get qualified cybersecurity staff. 

DefenseOne

You Might Also Read: 

Pentagon Faces Big Challenges In Retaining Cyber Talent:

« Chinese Spy Extradited To Go On Trial
Cyberattack Revelations Appear To Undercut Russia's UN Efforts »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Micro Systemation AB (MSAB)

Micro Systemation AB (MSAB)

MSAB is a leader in the provision of forensically secure tools for the extraction and analysis of data from mobile devices.

Black Hat Briefings

Black Hat Briefings

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world.

Infosecurity Europe

Infosecurity Europe

Infosecurity Europe is Europe’s number one information security conference and exhibition.

Maryville Online - Cybersecurity Program

Maryville Online - Cybersecurity Program

The Cybersecurity Program at Maryville Online is designed to help students reach opportunities in cybersecurity leadership and management through an entirely online curriculum.

Communications Security Establishment (CSE)

Communications Security Establishment (CSE)

CSE is Canada's national cryptologic agency, providing the Government of Canada with IT Security and foreign signals intelligence (SIGINT) services.

Ahope

Ahope

Ahope is a mobile security solution provider in Korea with a long history of security solution development.

Neurosoft

Neurosoft

Neursoft is a fully integrated ICT company with Software Development, System Integration and Information Technology Security capabilities.

SHIELD

SHIELD

SHIELD is an established end-to-end fraud management solution that blocks fraudulent activities such as account takeovers, fake accounts creation, fraudulent payments, loyalty fraud and more.

NXTsoft

NXTsoft

NXTsoft’s solutions help businesses secure, connect and optimize their data to maximize revenue opportunities, enhance profitability, and mitigate cybersecurity risk.

Otto

Otto

Stop Client-Side Attacks. Plug otto into your application security suite and protect your supply chain.

ExchangeDefender

ExchangeDefender

ExchangeDefender provides cybersecurity services that secures your company email and data, and guarantees 24/7 email access.

RB42

RB42

RB42 (formerly Nexa Technologies) provide cyber defense solutions (ComUnity, secure and encrypted messaging, detection of interception tools, etc) and cyber defense consultancy service.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

Buzz Cybersecurity

Buzz Cybersecurity

Buzz Cybersecurity systems and services are designed to proactively guard against common and uncommon cyber threats.

Barclay Simpson

Barclay Simpson

Barclay Simpson is proud to have a long history of delivering cyber security, technology and governance recruitment services.

Airbus Protect

Airbus Protect

Airbus Protect is an Airbus subsidiary bringing together the Company’s expertise in cybersecurity, safety and sustainability-related services.