Sputnik: What do you make of the findings of this Government Accountability Office, are these shocking to you?
Yul Bahat: Unfortunately, no. We have seen this kind of reports, we've been talking about this kind of problems for, I would say, over a decade, probably, even more. As a community we've been warning about this for a long time. And these things, we see it in the civilian world, we see it in the military world; to change these things, it takes a lot of time and effort and, unfortunately, they are not doing it.
Sputnik: Do you think that if the US, of all places, has a problem, other governments are also just as susceptible, if not more?
Yul Bahat: It's an excellent question, we have both types — there are governments around the world who take these things very seriously, Israel, for example, the UK is taking these things very, very seriously. The US [has] only [been] looking at cybersecurity as a threat for the last couple of years. So, I think we have both types, but I would not be surprised if big countries all over the world are struggling with similar things.
Sputnik: How serious is this threat? What does this mean when you read these findings? What exactly is at risk?
Yul Bahat: According to the report, which is currently the only official document that we have, the findings are extremely serious. It says that they take these sorts of researchers, hired by the DoD [Department of Defense] itself, [and] have been able to hack and take control of complete systems in under an hour. So, all they need is just is minimal access and nobody would even know that they are there. So they can take control of the system, they can change its behavior, they can do basically anything they want to those systems and we have to remember now that weapons today, what we think of [as] weapons are no longer guns, they are basically computers that can fire.
Sputnik: How are these assessments usually conducted? You said that they actually hired hackers themselves. Does Israel have a similar system, does the UK do similar things and what have been the findings of those reports that have been published on the findings of those two countries and how they do when they have own hired hackers trying to hack into the system?
Yul Bahat: So, this is a very common practice, again, both in the civilian world and in the defense world, you always hire what we would call "white hat hackers" or ethical hackers to try to break the systems just to understand where the vulnerabilities are. Then, obviously, you take these findings and you fix them as soon as possible according to your risk management practice. But what we've seen in the United States, again this is in the report itself, it says that out of, for example, in one case the hacker found 20 different very critical vulnerabilities — only one of them was fixed in the course of a year. So, the people making the calls, making the decisions are actively ignoring these findings. They are saying that either they are fictitious or they are not as critical as the hackers claim them to be and a bunch of other excuses.
The views and opinions expressed by the speaker do not necessarily reflect those of Sputnik.
The views and opinions expressed in the article do not necessarily reflect those of Sputnik.