Oct 9, 2018

Report finds cyber vulnerabilities in U.S. military weapons systems

Mattis strokes his chin and looks concerned.

Photo: Brendan Smialowski/AFP/Getty Images

The Pentagon has "routinely" found mission-critical cyber vulnerabilities in most systems under development from 2012-2017, and yet, U.S. military officials still often think the Pentagon's weapon systems are secure against cyberthreats, per a Government Accountability Office report issued Tuesday.

Why it matters: The report assesses that "[a]lthough GAO and others have warned of cyber risks for decades, until recently, DoD did not prioritize weapon systems cybersecurity." This is the first report the GAO is releasing on the cybersecurity of U.S. military weapon systems acquisitions.

The big picture: Part of the problem is the Defense Department has typically focused cybersecurity efforts on networks and IT systems, not weapons systems, per GAO. But the problem of weapons systems' cybersecurity is only going to burgeon since cyberthreats are getting more sophisticated and the Pentagon’s weapon systems are becoming software-dependent and networked more than ever before, per the report.

  • The acquisitions process is part of the problem. "DOD likely has an entire generation of systems that were designed and built without adequately considering cybersecurity," the authors of the report write.
  • Reality check: Not all systems were tested for the report, so the GAO assesses the cybersecurity vulnerabilities it's reporting on today are likely just a small sampling of the overall problem.

Top vulnerabilities included poor password management and unencrypted communications, per the report.

  • Threat level: Those checking into the Pentagon’s weapon systems found that even using simple tools they could overtake systems — and do so undetected.
Go deeper