Periodically, the government issues reports reminding us that the nuclear missile system runs, in part, on 8-inch floppy disks. It’s disgraceful. It’s shameful. It’s a sign of government rot and poor prioritization.
Well, it might be. It’s probably not the smartest thing, in all respects, to run nuclear defenses off computers too weak to play Zork. But on the other hand, as a new GAO report makes clear, there are arguably some advantages to running one’s nuclear defense system off a computer that can’t play Zork. It leaves time for playing Spacewar on a PDP-1!
Just kidding. It’s because our other weapon systems are so riddled with vulnerabilities, you’d think they were running Windows 98 SE with ActiveX, Active Desktop, and Outlook Express installed. (Kids, to people of a certain era, that’s practically a death threat). The report starts by noting that for decades, the DoD “did not prioritize” matters of weapon security and is still figuring out how to better address these threats, despite the fact that we’ve been facing them for decades. This does not bode well for what happens in the next paragraph.
“In operational testing, DOD routinely found mission-critical cyber vulnerabilities in systems that were under development, yet program officials GAO met with believed their systems were secure and discounted some test results as unrealistic. Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications. In addition, vulnerabilities that DOD is aware of likely represent a fraction of total vulnerabilities due to testing limitations. For example, not all programs have been tested and tests do not reflect the full range of threats.”
In fairness, this isn’t quite as bad as it looks. Or, rather, it’s exactly as bad as it looks, but some of these issues can be remediated. Tests can be tightened. Password requirements and security training can be improved. Vulnerability modeling can be enhanced. So far so good, right?
Unfortunately, the DoD doesn’t seem to be starting from, say, 2012 or even 2006. Think Captain Marvel’s MCU timeline and you’d be closer to the mark. From the report:
“One test report indicated that the test team was able to guess an administrator password in nine seconds. Multiple weapon systems used commercial or open source software, but did not change the default password when the software was installed, which allowed test teams to look up the password on the Internet and gain administrator privileges for that software. Multiple test teams reported using free, publicly available information or software downloaded from the Internet to avoid or defeat weapon system security controls.”
NPR writes: “In several instances, simply scanning the weapons’ computer systems caused parts of them to shut down.”
Tests had to be aborted afterward because the partial shutdown could’ve put the test team in danger. Problems, even when identified, are often left unresolved: the GAO notes that of 20 issues a previous iteration of a security report identified along with solutions, only one solution had been implemented.
One major reason for the problems? Pay scales. Top security engineers often earn more than $200K in the private sector, whereas the government isn’t known for being nearly so lucrative.