[ad_1]
Breaking News E-mails
Receive last minute alerts and special reports. News and stories that matter, broadcast in the morning on weekdays.
Au Alex Johnson
Cyber security has also become fundamental: neglecting to encrypt classified USB sticks and failing to physically lock critical computer servers makes the US vulnerable to deadly missiles The report, dated December 10 but not released before Friday, summarizes eight months of investigation of the country's ballistic missile defense system by the Pentagon's Inspector General's office. , or IG.
The audit focused on five of the Department of Defense's 104 facilities that manage ballistic missile defense systems and technical information.
The facilities are not identified in the 44-page report, which has been completely redacted. But the report makes many specific references to programs involving the Army, the Navy and the Missile Defense Agency.
"The Army, the Navy and the MDA did not protect networks or systems that process, store and transmit technical information from unauthorized persons, access and use," the declassified report concludes.
The deficiencies could lead to the disclosure of "essential details that compromise the integrity, confidentiality and availability of [ballistic missile defense] technical information". Twice, he warns that such a disclosure "could allow American opponents to bypass the capabilities of [ballistic missile defense] making them vulnerable to deadly missile attacks."
The audit found deficiencies in at least three of the seven safety factors examined.
Perhaps most troubling, the audit revealed that administrators in three of the five facilities did not control known vulnerabilities on classified networks, even those that were reported as immediately and potentially serious by Cyber Command. American.
According to the audit, a vulnerability deemed critical since 1990 still had not been resolved by the time the IGO office examined it in April. The report outlines the potential consequences of exploiting this vulnerability.
Some facilities have not implemented extremely basic cybernetic security measures, such as the installation of security cameras to monitor the entrances and exits of facilities holding ballistic missile defense information, or to Based on the audit, ensure that access to computer servers distributing classified information was restricted to persons with an approved motive and authorized to work with them.
In some cases, there was not even a lock at the doors of the rooms housing the servers he found. In others, the server rooms may have been locked, but the lock keys have been kept in unlocked filing cabinets. The data center manager of one of the facilities told investigators that he did not know that storage keys and keys needed to be secured, according to the report.
Investigators also found that employees and contractors were allowed to take classified data with them. removable media such as USB sticks without proper authorization. It is thus that Edward Snowden, then a subcontractor of the National Security Agency, allegedly stole thousands of extremely sensitive secrets from the government in 2013.
Despite the regulation, even unclassified sensitive information carried on removable media must be encrypted. 1 per cent of the unclassified controlled information stored on removable media "was encrypted in two of the five facilities, the report said.
The security officer of one of the facilities told investigators that the encryption was not imposed because the installation was used "legacy systems" – talking about the computer for old and outdated hardware and software – that can not handle encryption, that n & # 39; Any computer you buy today can easily handle.
Other officials "stated that they were unaware of any requirement or requirement. An ability to encrypt removable media, "he said.
Such fundamental failures point to systems that store, process and transmit ballistic missile defense. Technical data" are vulnerable to cyberattacks. " es, data breaches, loss and manipulation of data and unauthorized disclosure of technical information, "said the IG office. And this leaves the United States "vulnerable to missile attacks that threaten the security of their citizens and their critical infrastructure."
A year after Vice Admiral of the Navy, JD Syring, then Director of the Navy. Missile Defense Agency, expressed its concern to Congress about the potential threat to ballistic missile defense information in April 2016.
Time and again, the audit revealed critical shortcomings in security matter. the result, to a large extent, of the lack of judgment or knowledge on the part of employees and managers.
This corresponds to Syring's testimony before a subcommittee of the House two and a half years ago, when he stated that the missile defense agency was working hard to strengthen cybersecurity. specifically in the areas of "individual human performance and responsibility."
The report is only the latest, but one of the most alarming of a series of internal findings dating back more than a decade that the US defense infrastructure is deeply vulnerable to cyberattacks.
The Ministry of Defense revealed in 2011 that 24,000 files containing data from the Pentagon had been stolen from a computer network of the defense industry. intrusion – one of the most significant sensitive data losses suffered by the government before Snowden.
Just two months ago, the Government Accountability Office found that Defense Department weapons programs were slow to protect computer and software-based systems, rendering them vulnerable to cyberattacks.
In one case, he said: "It took a test team consisting of two people barely an hour to get initial access to a weapon system and one day to get full control. testing. "
[ad_2]
Source link
