A new report out of the Government Accountability Office says the Department of Defense is "just beginning to grapple" with vulnerabilities in most of its new weapons systems. The upshot of the 50-page GAO analysis, per NPR: that, based on five years' worth of tests, "nearly all" of its latest weapons systems are a cybersecurity nightmare, with easy-to-guess passwords and known vulnerabilities that were never remedied, among other issues. Just as concerning is that the DOD doesn't even know "the full scale of its weapon system vulnerabilities" as the tests that were carried out "were limited in scope and sophistication," the GAO notes. The tests, conducted from 2012 to 2017, were initially prompted by a request from the Senate Armed Services Committee to look into just how secure the Pentagon was able to keep its weapons systems.
The GAO notes the "widespread examples of weakness" fell under the umbrella of four cybersecurity categories: "protect, detect, respond, and recover." The results weren't great: In one case, for example, a test hacker guessed an admin password in nine seconds; in another, two testers needed just an hour to gain initial access to a weapons system. And, "once they gained initial access, test teams were often able to move throughout a system, escalating their privileges until they had taken full or partial control of a system." To make matters worse, when vulnerabilities were found, they were often neglected: One test report showed just one vulnerability remedied out of 20 identified. Staffing issues contribute to the problem, as the salaries that cybersecurity aces can command in the private sector far exceed those that the government can pay. Full eye-opening report from the GAO here.