A new report issued by the U.S. Government Accountability Office warns that many weapons programs being run by the Defense Department are vulnerable to cyber attacks. While the Pentagon was working hard trying to safeguard their "traditional IT systems," they left their weapons systems open to attack.
The report explained that "poor password management and unencrypted communications" allowed testers to "to take control of systems and largely operate undetected" while using basic hacking tools and techniques.
In operational testing, DOD routinely found mission-critical cyber vulnerabilities in systems that were under development, yet program officials GAO met with believed their systems were secure and discounted some test results as unrealistic.
The testers managed to access systems that could turn weapons on or off, alter a missile's target, and change what a controller sees on their screen in real-time.
In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing.
The report warns that what they found is just the tip of the iceberg. They said that due to limitations into how the testing was done, they were unable to discover the full scope of the problem.
DOD does not know the full extent of its weapon systems cyber vulnerabilities due to limitations on tests that have been conducted. Cybersecurity assessments do not identify all vulnerabilities of the systems that are tested. This is, in part, because cybersecurity assessments do not reflect the full range of threats that weapon systems may face in operation.
Photo: Getty Images