Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

New Pentagon Weapons Systems Easily Hacked: Report

New US weapons systems being developed by the US Department of Defense can be easily be hacked by adversaries, a new government report said on Tuesday.

New US weapons systems being developed by the US Department of Defense can be easily be hacked by adversaries, a new government report said on Tuesday.

The Government Accountability Office said the Pentagon was unaware of how easy it could be for an adversary to gain access to the computer brains and software of the weapons systems and operate inside them undetected.

The weak points began with poor password management and unencrypted communications, it said.

But it said access points for the systems continued to grow in number and are not always well-understood by the operators themselves, leaving even non-networked systems deeply vulnerable.

More critically, the report faulted the US military for not incorporating cybersecurity into the design and acquisition process for the computer-dependent weapons, and said weapons developers often did not themselves adequately understand cybersecurity issues.

“Due to this lack of focus on weapon systems cybersecurity, DOD likely has an entire generation of systems that were designed and built without adequately considering cybersecurity,” the GAO said.

“In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing,” it said.

In another case, it said, the test team gained control of the terminals of the system’s operators.

Advertisement. Scroll to continue reading.

“They could see, in real-time, what the operators were seeing on their screens and could manipulate the system.”

The public, unclassified version of the report did not identify which arms systems it had tested and found faults with, citing the need for secrecy. 

But it said that between 2012 and 2017, the Defense Department’s own testers “routinely” found dangerous cyber vulnerabilities in “nearly all” weapons systems under development. 

“Using relatively simple tools and techniques, testers were able to take control of these systems and largely operate undetected. In some cases, system operators were unable to effectively respond to the hacks,” it said.

The risk rises as Pentagon weapons and other systems are increasingly interconnected and their dependence on software and networking continues to rise.

The report came as the US government wrestles with what it sees as concerted efforts by government-backed hackers in Russia and China to permeate government and private sector computer networks to steal data or simply wreak havoc.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.