One of the things that helps us sleep at night is knowing that in terms of military and defense, the United States really has no equal. The amount of tech at our country’s disposal is amazing, with everything from jets and ships to missile systems all being state-of-the-art.
Maybe it’s not something we think about much, but it is comforting to know it’s there in case our country needs it. But what if our defense weapons could be taken over by others?
As it all has become increasingly digital, the chances for them being hacked has increased. But according to a study into the matter, America’s defense system could be “easily hacked.” Worse than that, innovative tools are not necessary to do it.
That’s not good
The issue was discovered by the Government Accountability Office, who learned that vulnerabilities existed in most weapons systems tested between 2012 and 2017. The findings were detailed in a 50-page report from the Senate Armed Services Committee, and none of it speaks well of the defenses.
The concern is the vulnerability to cyber-attacks and, perhaps more than that, how easy it may be to accomplish. A lot was detailed in the report, but highlights (if you call them that) include a few areas that are puzzling.
For example, it was found that the Pentagon did not change default passwords on multiple weapons systems, and for one changed password it took all of nine seconds to come up with a correct guess. Also, a GAO-appointed team was able to gain control of one weapons system and watch in real time as operators responded to the hackers.
Furthermore, all GAO needed was a two-person team and one hour to gain initial access to a weapons system, with only one day being necessary to gain full control over it. Many of those tasked with testing the systems were able to copy, change or delete system data, and one team was even able to download 100 gigabytes of information.
According to the GAO, the Pentagon also does not know the full extent to which their weapons systems are vulnerable.
How can this happen?
A big reason for the vulnerability is that everything is so connected, and therefore hack into one thing and you will likely get access to even more. Many of the systems use open-source software, but never changed the default password when it was installed.
That allowed the security teams to look up the password online and gain administrative privileges. And given the connectivity of it all, one may not need direct access to a certain defense system in order to hack into it.
An example would be the F-35 Joint Strike Fighter, which is hailed for its ability to connect to other systems but that could then, because of that, potentially be infiltrated by hackers. All they would need to do is get into one of the systems it is connected to.
What does the Pentagon have to say about it?
A Pentagon spokesperson told CNN they take threats to the nation seriously, and are continuously strengthening defensive posture through network hardening and improved cybersecurity.
This study would seem to counter that, however, and given how much money is spent on defense, it is not only troublesome, but disturbing, too. The report did say the Pentagon is taking steps to improve its understanding of the vulnerabilities in its weapons systems, hoping to mitigate risks they may pose.
That said, there are significant challenges facing them, as the cost of improving all systems can be prohibited and it is not always easy to recruit and keep talented people in the cyber-security world. Along with that, it is better if the systems can communicate with each other, which means that kind of vulnerability is not likely to change.