A new report has indicated many new weapons systems used by the military suffer from mission-critical cyber vulnerabilities, as reported in The Washington Post. The result of a review of security audits from 2012 to 2017, the report stated, “DOD testers routinely found mission critical cyber vulnerabilities in nearly all weapons systems that were under development. Using relatively simple tools and techniques, testers were able to take control of these systems and largely operate undetected.” Many of the vulnerabilities were noted to be due to poor attention to cybersecurity practices, including issues like not changing default passwords. Such problems allowed testers to copy or delete data, view the operator’s screens, and perform various systems functions, all of which could disrupt missions and cause loss of life.
Emphasis was also placed on improving cyber security considerations during the design and development phases, as the report noted, “Due to this lack of focus on weapon systems cybersecurity, DOD likely has an entire generation of systems that were designed and built without adequately considering cybersecurity. Bolting on cybersecurity late in the development cycle or after a system has been deployed is more difficult and costly than designing it in from the beginning.”
Source:
