Pentagon Weapons Systems Vulnerable To Cyber-Attacks

Defense Department weapons programs are vulnerable to cyberattacks, and the Pentagon has been slow to protect the systems which are increasingly reliant on computer networks and software, a federal report said Tuesday 9th Oct.

The US Government Accountability Office said the Pentagon has worked to ensure its networks are secure, but only recently began to focus more on its weapons systems security. The audit, conducted between September 2017 and October 2018, found that there are "mounting challenges in protecting its weapons systems from increasingly sophisticated cyber threats."

Pentagon officials have acknowledged for years that the department, the military services and defense contractors are under persistent cyber probes and attacks, including from state actors seeking to steal data to gain an economic or technological advantage. 

The report doesn't name potential attackers, but it noted that some "advanced threat actors" are aware of the vulnerabilities and "have well-funded units that focus on positioning themselves to potentially undermine US capabilities."
US officials have repeatedly accused Russia and China of using cyberattacks to breach government and commercial networks and systems. 

The GAO, which is Congress' investigative arm, provides no details about what the specific military systems are or how they are vulnerable, due to their classified nature. The report said that nine major defense acquisition programs from various military services were reviewed.

In one case, it said, "it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing."

In other cases, the report said that testers, using simple tools and techniques, were able to take control of computer terminals and see what the operators were seeing in real time. 

Another team was able to send a pop-up message to the computer terminals "instructing them to insert two quarters to continue operating." The teams were also able to copy, change and delete data.

Vulnerabilities found within the systems included being able to turn a weapon on or off, affect missile targeting, adjust oxygen levels or manipulate what controllers see on their computer screens. 

The report cited problems with poor passwords, insecure lines of communication and the Defense Department's ongoing struggle to get qualified cybersecurity staff. 

DefenseOne

You Might Also Read: 

Pentagon Faces Big Challenges In Retaining Cyber Talent:

« Chinese Spy Extradited To Go On Trial
Cyberattack Revelations Appear To Undercut Russia's UN Efforts »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Galaxkey

Galaxkey

Galaxkey is a data protection product that protects email, documents and any data using access control and an encryption platform.

Alert Logic

Alert Logic

Alert Logic delivers unrivaled security for any environment, delivering industry-leading managed detection and response (MDR) and web application firewall (WAF) solutions.

Allgress

Allgress

Allgress solutions converge disparate risk silos across enterprise networks and automate governance, risk and compliance management processes.

BSA - The Software Alliance

BSA - The Software Alliance

BSA is the leading advocate for the global software industry before governments and in the international marketplace.

Global Forum on Cyber Expertise (GFCE)

Global Forum on Cyber Expertise (GFCE)

GFCE is a global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building.

Cynamics

Cynamics

Cynamics is the only network monitoring solution built specifically for Smart City, Public Safety and Critical Infrastructure networks.

A3Sec

A3Sec

A3Sec provides professional solutions in the areas of Cybersecurity, Device Monitoring, Business Intelligence and Big Data.

Bellvista Capital

Bellvista Capital

Bellvista Capital connects entrepreneurs with capital and unmatched business expertise in the technology areas of Cloud Computing, Cyber Security and Data Analytics.

BlackCloak

BlackCloak

BlackCloak provides Concierge Cyber Security for high-net-worth individuals and corporate executives to protect them from cybercrime, reputational risks, hacking and identity theft.

Deft

Deft

Deft (formerly ServerCentral Turing Group) is a trusted provider of colocation, cloud, and disaster recovery services.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

ZEUSS

ZEUSS

ZEUSS is a diversified data center, cybersecurity, and green energy company.

Keepit

Keepit

Keepit offer all-inclusive, secure, and reliable backup and recovery services for your data.

Beacon Technology

Beacon Technology

Beacon Technology offers a comprehensive platform consisting of XDR, VMDR, and Breach and Attack simulation tools.

CyberNut

CyberNut

CyberNut are a security awareness training solution built exclusively for schools.

SENTRIQS

SENTRIQS

SENTRIQS advanced encryption technology is engineered to defend against the most sophisticated cyber threats, keeping your operations efficient and secure.