The U.S Government Accountability Office (GAO) published a report on Tuesday, which highlights that the U.S. Department of Defense (DOD) can be easily hacked by adversaries. The report states that military weapon systems developed from 2012 to 2017 are vulnerable to cyber attacks.
The GAO also said that the Pentagon was unaware of how easy it could be for an adversary to gain access to the computer brains and software of the weapons systems and operate inside them undetected.
The GAO investigators assessed the Pentagon’s cybersecurity findings over a five-year period. The testers were asked to find vulnerabilities by hacking into the military weapon systems. To this, GAO reported, “testers were able to take control of systems and largely operate undetected, due in part, to basic issues such as poor password management and unencrypted communications.”
The testers could shut down a system simply by scanning it. This is a typical first step in trying to carry out a digital attack.
The testers could also manipulate what the soldiers operating the weapon were seeing on their computer screens. As described in the report, “weapons testers caused a pop-up message to appear on users’ terminals instructing them to insert two quarters to continue operating.”
One of the reasons DOD systems are susceptible to the cyber attack could be their connectivity to various other systems, which can introduce vulnerabilities and make systems more difficult to defend.
DOD systems are also more connected than ever before, which can introduce vulnerabilities and make systems more difficult to defend. The report further mentions, "These connections help facilitate information exchanges that benefit weapon systems and their operators in many ways—such as command and control of the weapons, communications, and battlespace awareness. If attackers can access one of those systems, they may be able to reach any of the others through the connecting networks."
Pentagon spokesperson Maj. Audricia Harris told CNN, “We are continuously strengthening our defensive posture through network hardening, improved cybersecurity, and working with our international allies and partners and our defense Industrial Base and defense Critical Infrastructure partners to secure critical information."
The fact that Pentagon weapon systems are vulnerable to cyber-attack raises brings in a lot of questions about the huge chunk of investments the US has done in its programs.
Following the revelation of this vulnerability, the Department of Defense recently released its cyber strategy stating that the Pentagon is seeking to incorporate cyber-security awareness throughout the institutional culture of the department.
The report claims that the DOD documented many of these "mission-critical cyber vulnerabilities," but Pentagon officials who met with GAO testers claimed their systems were secure, and "discounted some test results as unrealistic."
GAO said, “all tests were performed on computerized weapons systems that are still under development. GAO officials also highlighted that hackers can't yet take control over current weapons systems and turn them against the U.S. But if these new weapons systems go live, the threat is more than real.”
To know more about this in detail, head over to GAO’s report.
Upgrade to Git 2.19.1 to avoid a Git submodule vulnerability that causes arbitrary code execution
Implementing Web application vulnerability scanners with Kali Linux [Tutorial]
Bitcoin Core escapes a collapse from a Denial-of-Service vulnerability