Latest in Gear

Image credit:

The US ballistic missile system is a cybersecurity nightmare

Some of its computers don't even have anti-virus.
Mariella Moon, @mariella_moon
December 18, 2018
Share
Tweet
Share

Sponsored Links

SIPA USA/PA Images

The US Department of Defense Inspector General has recently taken a close look at the country's Ballistic Missile Defense System (BMDS) and found its cybersecurity measures lacking in many, many aspects. In the report (PDF) published in April and unearthed by ZDNet, the Inspector General detailed the flaws it found in five random locations where the Missile Defense Agency installed ballistic missiles as part of the program. One of the most common issues it came across was lax enforcement when it comes to multi-factor authentication.

Apparently, many users/employees who have access to the BMDS' network in three of the five locations haven't even switched on multi-factor. Instead, they continue to use only their access cards and passwords for entry. And that's probably not secure enough, since, you know, the system was designed to launch ballistic missiles in order to intercept enemy nuclear rockets and defend US territories.

The auditors also found that three of the five missile locations didn't apply patches for vulnerabilities discovered years and years ago, even as far back as 1990. In addition, at least one team didn't protect their computers with an anti-virus or any other security product that can block intruders. Now, the BMDS computers and servers with access to the missiles might not even be connected to the internet. In that case, the lack of anti-virus wouldn't be such a huge deal... so long as nobody physically tampers with them.

Problem is, at least two locations' server racks weren't routinely locked and secured, allowing pretty much anyone to waltz in. "Failing to keep server racks locked increases the risk that unauthorized individuals could access or tamper with servers that support network operations," the report reads. Some officials didn't encrypt the networks' removable hard drives' and other media, as well, which they were supposed to do. It doesn't help that some of the BMDS locations had poor security planning, leaving gaps in their surveillance cameras' coverage.

This is far from the first time government investigators found the military lacking in terms of cybersecurity. Back in October, a Government Accountability Office report also revealed that nearly all of Pentagon's weapons systems are vulnerable to cyberattack.

In this article: gear, missile, pentagon, security, usballistic
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Jabra's ANC update for the Elite 75t earbuds is now available

Jabra's ANC update for the Elite 75t earbuds is now available

View
Quibi confirms it's shutting down

Quibi confirms it's shutting down

View
The latest ‘Fortnite’ patch makes the game 60GB smaller on PC

The latest ‘Fortnite’ patch makes the game 60GB smaller on PC

View
Apple pulls TV Remote app now that it's built into iOS

Apple pulls TV Remote app now that it's built into iOS

View
Apple iPad Air (2020) review: Who needs the iPad Pro?

Apple iPad Air (2020) review: Who needs the iPad Pro?

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr