The Pentagon’s newest weapons have a common problem: Vulnerability to cyber threats that could render them useless on the battlefield.
The Government Accountability Office released a report last week that found the latest weapons, which depend heavily on software to work, could fall victim to hackers.
“We found that from 2012 to 2017, DoD testers routinely found mission-critical cyber vulnerabilities in nearly all weapon systems that were under development,” the report said. “Using relatively simple tools and techniques, testers were able to take control of these systems and largely operate undetected.”
Adding to the concerns is the fact that American rivals including Russia and China have developed sophisticated cyberwarfare units that could take advantage of the weaknesses in American weapons.
Russia’s cyber muscle was on display this month when the Justice Department revealed a military intelligence operation that hacked into files from the Colorado Springs-based U.S. Anti-Doping Agency.
The report found that it could be just as easy to take control of missiles, drones or even new aircraft.
And the Pentagon hasn’t fully assessed the risks of cyberattacks on its weapons.
“Furthermore, DOD does not know the full scale of its weapon system vulnerabilities because, for a number of reasons, tests were limited in scope and sophistication,” the report said.
Of America’s rivals, Russia alone has shown off its ability to meld cyberwarfare with traditional attacks. In fighting with its neighbors in Georgia and Ukraine, Russian forces have used hacking to weaken their enemies as ground forces attack.
GAO investigators found one particular weakness: It’s fairly easy to hack a weapons system when its password is “password.”
“Poor password management was a common problem in the test reports we reviewed,” the report said. “One test report indicated that the test team was able to guess an administrator password in nine seconds.”
There’s some good news: The Pentagon is working quickly to address the cyber vulnerabilities.
“These include improvements such as specifying that cyber-security policies apply to weapon systems and requiring more focus on cyber-security throughout a weapon system’s acquisition life cycle,” the report said.
Contact Tom Roeder: 636-0240 Twitter: @xroederx