The U.S. Government Accountability Office (GAO) recently conducted a study to evaluate the state of Department of Defense (DOD) weapon systems cybersecurity and the results were not very promising. The legislative branch government agency stated that most of the new weapons designed by DOD are vulnerable to cyber-attacks. Moreover, GAO pointed out that DOD does not even know the full extent of the problems that existed in their weapons.
According to the report, DOD testers frequently found “mission-critical cyber vulnerabilities” in almost every weapon system they were developing between 2012 and 2017. “Testers were able to take control of these systems and largely operate undetected. In some cases, system operators were unable to effectively respond to the hacks,” the report added. “Furthermore, DOD does not know the full scale of its weapon system vulnerabilities because, for a number of reasons, tests were limited in scope and sophistication.”
One of the major reasons that GOA quoted behind weapon systems’ vulnerability are their connectivity to other devices that facilitate “information exchanges that benefit weapon systems and their operators in many ways.” However, if attackers breach the security layers and gain access to systems, it may be easier for them to “reach any of the others through the connecting networks”.
In the report, GAO was also critical of DOD’s attitude toward cybersecurity. GOA stated that it and others have warned DOD “of cyber risks for decades, until recently, DOD did not prioritize weapon systems cybersecurity. Finally, DOD is still determining how best to address weapon systems cybersecurity.”
“DOD has recently taken several steps to improve weapon systems cybersecurity, including issuing and revising policies and guidance to better incorporate cybersecurity considerations. DOD, as directed by Congress, has also begun initiatives to better understand and address cyber vulnerabilities,” the report further stated.