WASHINGTON (Reuters) – The Pentagon has been slow to protect major weapon systems from cyber attacks and routinely found critical vulnerabilities that hackers could potentially exploit in those systems, a federal government report said on Tuesday.
The U.S. Government Accountability Office (GAO), a watchdog unit of Congress, said in a 50-page report that the Pentagon found “mission-critical cyber vulnerabilities in systems” under development.
“Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications,” the report said.
Some program officials told GAO that the weapon systems were secure and discounted some test results as “unrealistic.”
While the Pentagon plans to spend about $1.66 trillion to develop major weapon systems, the report found, it had only recently taken steps to improve cyber security.
Cyber security has been receiving increasing attention among U.S. military and intelligence officials.
Last week, Western countries issued coordinated denunciations of Russia for running what they described as a global hacking campaign, targeting institutions from sports anti-doping bodies to a nuclear power company and the chemical weapons watchdog.
In some of the strongest language aimed at Moscow since the Cold War, Britain said Russia had become a “pariah state.”
The United States said Moscow must be made to pay the price for its actions. Their allies around the world issued stark assessments of what they described as a campaign of hacking by Russia’s GRU military intelligence agency.
“Due to this lack of focus on weapon systems cybersecurity, (Department of Defense) likely has an entire generation of systems that were designed and built without adequately considering cybersecurity,” the report said.
Reporting by Idrees Ali; Editing by David Gregorio
WASHINGTON (Reuters) – The U.S. Department of Homeland Security on Tuesday unveiled a new national strategy for addressing the growing number of cyber security risks as it works to assess them and reduce vulnerabilities.
“The cyber threat landscape is shifting in real-time, and we have reached a historic turning point,” DHS chief Kirstjen Nielsen said in a statement. “It is clear that our cyber adversaries can now threaten the very fabric of our republic itself.”
The announcement comes amid concerns about the security of the 2018 U.S. midterm congressional elections and numerous high-profile hacks of U.S. companies.
“The United States faces threats from a growing set of sophisticated malicious actors who seek to exploit cyberspace. Motivations include espionage, political and ideological interests, and financial gain,” according to the 35-page report reviewed by Reuters before its public release. “Nation-states continue to present a considerable cyber threat. But non-state actors are emerging with capabilities that match those of sophisticated nation-states.”
The report noted that by 2020 more than 20 billion devices are expected to be connected to the internet. “The risks introduced by the growing number and variety of such devices are substantial,” it said.
Nielsen said the government “must think beyond the defense of specific assets — and confront systemic risks that affect everyone from tech giants to homeowners.”
The report also noted the 2015 intrusion into a federal agency resulted in the compromise of personnel records of over 4 million federal employees and in total impacted nearly 22 million people.
The DHS report said the agency “must better align our existing law enforcement efforts and resources to address new and emerging challenges in cyberspace, to include the growing use of end-to-end encryption, anonymous networks, online marketplaces, and cryptocurrencies.”
Nielsen will testify Tuesday at a Senate hearing.
In March, Nielsen said the department was prioritizing election cyber security above all other critical infrastructure it protects, such as the financial, energy and communications systems.
U.S. intelligence officials have repeatedly warned that Russia will attempt to meddle in the 2018 contests after doing so during the 2016 presidential campaign.
Nielsen said that more than half of U.S. states have signed up for the agency’s cyber scanning services, designed to detect potential weaknesses that could be targeted by hackers.
DHS said in 2016 that 21 states had experienced initial probing of their systems from Russian hackers in 2016 and that a small number of networks were compromised, but that there was no evidence any votes were actually altered.
Reporting by David Shepardson; Editing by Dan Grebler
The now infamous Ashley Madison website has had a pretty successful run at helping its clientele be disloyal. So perhaps some would view it as poetic justice if the website became one of the most scandalous breaches in history at the hands of one of its own.
If true, the fact that the Ashley Madison breach was due to an internal, and not external, threat shouldn’t come as too big a surprise. Many IT security studies this year have pointed to the growing threat of insider data theft and corporate breaches.