“Nearly all” the weapons systems that were being developed by the US military from 2012 to 2017 are vulnerable to cyber-attack, according to a new report by the Government Accountability Office.
During some of the tests, testers were able to hack into some of these complex weapons systems and take control over them “using relatively simple tools and techniques.”
Commenting on the news is George Cerbone, Principal Solutions Architect at One Identity:
“The GAO report is a summary of a series of tests that were done on a wide variety of military systems. As one might imagine, most of the specific results of those tests are classified, and we don’t know what the specific vulnerabilities are. What is perhaps more interesting is that the report indicates that the Pentagon suffers from the same problem that every large company or bureaucracy has to deal with: security is hard, it requires discipline, and there is a shortage of trained security people. The problems that were disclosed were typical of what we find in every large organisation: default passwords were not changed. Personnel may have followed compliance documents, but didn’t really understand what they were doing. Managers were defensive when deficiencies were discovered. And the solution is the same as it is in every large organisation: make security a priority, be disciplined, and train your people.
“One final thought: the typical reaction to these types of revelations is shock, outrage, denial, etc. Instead, I would like to suggest that finding these exposures is a wonderful thing. Every single one of the deficiencies that were found are all now known and can be fixed. And they can be fixed now, and not after a malicious attacker has exploited them. So instead of reacting with denial and shame, greet each of these reports with the joy of knowing you are on your way to being more secure.”