US Weapons Systems Vulnerable to Cyber Attacks

Authorized hackers were quickly able to seize control of weapons systems being acquired by the American military in a test of the Pentagon’s digital vulnerabilities, according to a new and eye-opening government review.

The report by the Government Accountability Office concluded that many of the weapons, or the systems that control them, could be neutralized within hours. In many cases, the military teams developing or testing the systems were oblivious to the hacking.

A public version of the study, published last week, deleted all names and descriptions of which systems were attacked so the report could be published without tipping off American adversaries about the vulnerabilities. Congress is receiving the classified version of the report, which specifies which among the $1.6 trillion in weapons systems that the Pentagon is acquiring from defense contractors were affected.

But even the declassified review painted a terrifying picture of weaknesses in a range of emerging weapons, from new generations of missiles and aircraft to prototypes of new delivery systems for nuclear weapons.

“In one case, the test team took control of the operators’ terminals,” the report said. “They could see, in real time, what the operators were seeing on their screens and could manipulate the system” — a technique reminiscent of what Russian hackers did to a Ukrainian power grid two years ago.

The Government Accountability Office, the investigative arm of Congress, described “red team” hackers who were pitted against cyberdefenders at the Pentagon. The tested weapons were among a total of 86 weapons systems under development; many were penetrated either through easy-to-crack passwords, or because they had few protections against “insiders” working on elements of the programs.

Sometimes the testing teams toyed with their Pentagon targets. One team “reported that they caused a pop-up message to appear on users’ terminals instructing them to insert two quarters to continue operating.”

The searing assessment comes after years of warnings about the vulnerabilities of the military systems — some of which the Government Accountability Office said were ignored — and just as President Trump gives American commanders more flexibility to deploy cyberweapons without obtaining presidential approval.

It also suggests that the United States is vulnerable to cyberattacks when it seeks to disable enemy systems.

Nuclear weapons themselves were not included in the report; they are mostly controlled by the Energy Department, which oversees their design and testing. But nuclear weapons have become a focus of increasing scrutiny, both inside and outside the defense establishment.

Last month, the Nuclear Threat Initiative, a group that studies nuclear threats, published a detailed report about the risks that nuclear weapons systems could be subject to cyberattacks. It warned that such attacks “could have catastrophic consequences,” including the risk that weapons could be used in response to “false warnings or miscalculation.”

“The world’s most lethal weapons are vulnerable to stealthy attacks from stealthy enemies — attacks that could have catastrophic consequences,” former Energy Secretary Ernest J. Moniz, former Senator Sam Nunn and former Defense Minister Des Browne of Britain wrote in that report.

“Today, that fact remains the chilling reality,” wrote the three Cold War veterans. “Cyberthreats are expanding and evolving at a breathtaking rate, and governments are not keeping pace. It is essential that the U.S. government and all nuclear-armed states catch up with — indeed, get ahead of and stay ahead of — this threat.”

It can be a scary business that we’re in sometimes, huh?

I think all people can ask for is that we have our very best men and women on the case protecting us at all times. And if your business is looking for that kind of protection, look no further than The 20. Contact us today.

The title seems a bit obvious, right? Of course data privacy is important.  I mean, how could not keeping your data private be a good thing? Spoiler alert: it can’t. There’s only a downside.

Well what “data” are we speaking of, first off? That seems pretty vague…

For us as individuals, data can simply refer to what makes us all identifiable. This can include our address, our Social Security number; health and medical records to take it a step further. For the business sector, it can mean proprietary research and development data, or financial information that shows how a company is spending and investing its money.

And all of this information should be guarded based on relative importance. An example being that you probably wouldn’t think too much about sharing your name with someone you’ve never met before, while introducing yourself to them at a party. But then there’s other information you wouldn’t share with them, at least not initially, until you got to know that person a lot better. If you’re opening a new bank account, however, you’ll probably be asked to share quite a bit of personal information, that goes well beyond your name, and that’s okay.

Digital everything amplifies the importance of data privacy

But in 2018, everything is digital. We’ve digitized everything. This may not technically apply to everyone (shout out to all the senior citizens out there!), but by and large, it does. And if you’re reading this blog, it absolutely does.

When data that should be kept private gets in the wrong hands, bad things can happen. A data breach at a government agency can put top secret information in the hands of the enemy. A breach at a corporation can put proprietary data in the hands of a competitor. And so on and so forth; you get the point.

The Online Trust Alliance (OTA) in 2016 found that 34% of data breaches happen through external means. This is the traditional idea of hacking, where a perpetrator gains access to a system from the outside. About 7% of breaches occurred because of lost or stolen devices, and another 9% occurred because of lost, stolen or misplaced documents. While some of these issues happen by accident, others are planned attacks by hackers to acquire data.

Securing information is key to data privacy

Data security can only work in concert with strong preventative policies to back up the technology. While data security measures can be quite effective, important strategies such as keeping up with patches and utilizing encryption can help ensure that the technology actually works.

Securing information will continue to play a massive role in not only our personal lives, but in business and government. At The 20, our IT Management Platform, 24/7 Help Desk, and Network Operations Center (NOC) are 100% US-based so client information stays secure and in compliance with federal and industry regulations. Our nationwide group of IT companies support almost any technology we come across in the field, which gives us a competitive advantage that no other IT company can touch.

What are you doing to keep your data private?

IS YOUR #SMALLBIZ SAFE?

Small businesses are the target of almost two-thirds of all cyber attacks.

Download our infographic on the negative effects data breaches can bring to a company.