US-govt report: Major US weapons systems can be easily hacked
In an era where the very nature of warfare is shifting towards the digital, cybersecurity of increasingly-automated and software-based weapons systems ought to be a priority. Yet, it seems this point had escaped the US Department of Defense (DoD) - a report by a US Government agency has found that it's extremely easy to hack an entire generation of US weapons systems. Here's more.
The overview of the US GAO's findings
The US Government Accountability Office (GAO) was tasked with reviewing the state of cybersecurity of DoD weapons and reported extremely worrying findings, not just for the US government, but also for the rest of the world. The report found that hackers were able to digitally hijack a multitude of "major weapons systems" within an hour! What's more? They could do so while remaining undetected.
How the GAO carried out the tests
To test vulnerabilities, the GAO had ethical hackers pose as adversaries. What they found was that these hackers were able to bypass security of several weapons systems with relative ease, and could do so largely undetected owing to "basic issues such as poor password management and unencrypted communications". The tests covered only a fraction of weapons systems, and many more vulnerabilities could be abound.
Hackers could manipulate all software-enabled weapons functions
Understandably, owing to national security reasons, the GAO report left out crucial details including the specific list of weapon systems that are currently vulnerable to cyber attacks. However, it noted that software-enabled functions like the powering on/off of a system, missile targeting, auto-pilot, an aircraft's oxygen levels etc. could all be manipulated by hackers in the instance of a successful cyber attack.
Cyber-threats to weapons systems poses a threat to global security
This is particularly pertinent, considering that automation and connectivity have become an indispensable part of modern weapon systems, and DoD weapon systems are increasingly becoming software-dependent and networked. Given this reality, the possibility of weapon systems being compromised poses a massive threat to global security insofar as a hacker-controlled rogue weapons system could trigger hostilities, and even war, by carrying out unwarranted attacks.
For decades, the GAO's warnings about cybersecurity weren't heeded
In its report, the GAO further notes that it had, for decades, warned the DoD about the importance of cybersecurity but that those warnings were left largely unheeded, until recently. However, the late realization on part of the DoD has its consequences - the department is still in the process of determining how best to address the vulnerabilities found by the GAO report.
The DoD has, of late, taken steps to address cybersecurity
That said, the DoD has, of late, taken several steps to bring its weapons systems' cybersecurity up to the mark. Directed by the Congress, the DoD has initiated fresh efforts to understand the scope and nature of cybersecurity threats and address cyber vulnerabilities. It has also started issuing new guidelines, and revising old guidelines pertaining to the cybersecurity. But, is it already too late?
The laxity on part of the DoD is inexcusable
Considering the GAO's warnings, the laxity on part of the DoD is simply inexcusable. For a country that has the world's largest military spending budget, and plans to spend an astronomical $1.66 trillion to develop its current portfolio of weapons systems, the US' short-sightedness in matters of weapons system cybersecurity reeks either of complete incompetence or wilful ignorance.
