The Government Accountability Office (GOA), a United States government watchdog has revealed that the Department of Defense (DoD) weapons system are vulnerable to hacks and the Pentagon has “not made weapon cybersecurity a priority”
The 50 paged report by the GOA began with an introduction on how cyber attacks can lead to catastrophe.
“The Department of Defense (DOD) plans to spend about $1.66 trillion to develop its current portfolio of weapon systems. These weapons are essential to maintaining our nation’s military superiority and for deterrence. It is important that they work when needed, yet cyber attacks have the potential to prevent them from doing so. Cyber attacks can target any weapon subsystem that is dependent on software, potentially leading to an inability to complete military missions or even loss of life,” it noted.
While the GOA did not detail the contents of the vulnerabilities as they are classified, it admitted the US DoD “likely does not know the full extent of the problems” as they may just be a tip of the iceberg.
“A successful attack on one of the systems the weapon depends on can potentially limit the weapon’s effectiveness, prevent it from achieving its mission, or even cause physical damage and loss of life,” the report said.
According to findings “the watchdog’s testers used relatively simple tools and techniques to take control of systems and operate almost undetected — because of poor password management and unencrypted communications.”
“They could see, in real-time, what the operators were seeing on their screens and could manipulate the system,” the report read
“Another test team reported that they caused a pop-up message to appear on users’ terminals instructing them to insert two quarters to continue operating,” it added.
Testers were also able to download over 100 gigabytes of data from servers undetected in one case and all these were done in limited time.
Many of the flaws were due to the fact that systems were running commercial or open source software with default passwords they did not bother to change thus allowing the testers to gain administrator controls by just looking up the passwords on the internet.
Also, failure to patch software with known vulnerabilities and updates was another common issue. Since these flaws can allow low skilled hackers inflict heavy damages then highly skilled hackers working for foreign adversaries can cause chaos if they gain control of these systems.
The report also acknowledges that while the Pentagon is stepping up efforts to secure the US weapons system, it must do more.