14:20 GMT +3, 16 November 2018
    The F-35 fighter jet is among the U.S. weapons programs that showed significant vulnerabilities to cyber attacks during testing by the Pentagon last year.

    Simulated Hackers Learned Passwords to US Weapons Systems in 9 Seconds


    In a recent cybersecurity test aimed at determining the resiliency of major weapons systems developed by the Pentagon, “testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected,” according to a government watchdog.

    In one case, the testers accessed systems by guessing administrator passwords in nine seconds.

    The Government Accountability Office (GAO) found up-and-coming American weapons riddled with cybersecurity vulnerabilities in a new report published October 9. "In operational testing, DOD routinely found mission-critical cyber vulnerabilities in systems that were under development, yet program officials GAO met with believed their systems were secure and discounted some test results as unrealistic," the watchdog said.

    The significance of these cyber vulnerabilities is twofold. First, the Pentagon plans to spend $1.6 trillion on developing its existing stocks of major weapons systems, meaning any information lost could be extremely valuable, worth millions or billions of dollars.

    Secondly, American weaponry is "more computerized and networked than ever before," which ultimately increases the surface area that can be attacked by cyber adversaries. GAO noted that this was "no surprise."

    In one example, GAO showed a fictitious bomber aircraft that somewhat resembles a B-2 Stealth bomber to display how computerized some weapon systems are. The fictitious aircraft's cyber-dependent systems are many: maintenance, industrial control, microelectronics, logistics, targeting, database, communications, collision avoidance, controller area network bus and identifying friends or foes.

    Technologist Chris Garaffa explained to Sputnik News Thursday how GAO's findings displayed the "frightening reality of the state of cybersecurity in the US military."

    "Despite having a nearly $700 billion budget, there are basic security measures being ignored that any system with even moderate security requirements would need to consider. These include air-gapped systems, which aren't connected to the internet, [that] have physical vulnerabilities that could let an attacker who gets close to the system infiltrate it," Garaffa said.

    "In other cases, default system passwords were so simple that ‘the test team was able to guess an administrator password in nine seconds,’ while also pointing out that attackers could have timeframes of weeks or even months to figure out these same passwords undetected."

    According to the web developer, the Pentagon's preferred method of buying weapon systems is part of the problem. The Department of Defense relies on contractors and vendors whose incentive is to minimize expenses and optimize profit, he noted.

    "Cybersecurity appears to be one area where both the DOD has significant flaws in its requirements, and these companies do not see the need to provide security as a basic feature. The report explicitly says that ‘… until recently, DOD did not prioritize cybersecurity in weapons systems acquisitions,’" Garaffa lamented.
