A new report by the United States Government Accountability Office (GAO) has revealed that “nearly all” the weapon system being developed by the US military between 2012 and 2017 are vulnerable to cyber attacks.
In cybersecurity tests of major weapon systems that are being developed by the Department of Defense, testers were able to hack into some of the complex weapons systems and take control over them using relatively simple tools and techniques.
The GAO report released on Oct. 9 showed that in one case, a two-person team took only an hour to gain initial access to a weapon system, and just a day to gain full control of the system they were testing.
In some instances, the weapon systems that used commercial or open source software did not change the default password when the software was installed. It only took a search on the internet to find the passwords and gain administrator privileges.
According to the GAO, weapon program officials who were asked about these vulnerabilities believed that their systems were secure and discounted some of the test results as unrealistic.
The report stemmed from a request from the Senate Armed Services Committee, which asked the GAO to review the Pentagon’s efforts to secure weapons system.
“DOD plans to spend about $1.66 trillion to develop its current portfolio of major weapon systems. Potential adversaries have developed advanced cyber-espionage and cyber-attack capabilities that target DOD systems,” the GAO said.
The GAO looked at the data from the Pentagon’s own security tests of its weapon systems that are currently under development. It also interviewed officials responsible for cybersecurity, analyzing how the systems are protected and how these would respond to cyber attacks.
The weapons are vulnerable due to their connectivity to other systems, which the Pentagon has long considered as an advantage. Weapons such as the F-35 Joint Strike Fighter, for instance, have the ability to contact a range of other systems making it easier to share critical military information.
The GAO said that connectivity is why weapons systems are vulnerable. It means potential hackers only need to penetrate one of the connected systems to gain access to others.
In a statement to CNN, Pentagon spokesperson Maj. Audricia Harris said that the Pentagon takes threats to the nation seriously.
“We are continuously strengthening our defensive posture through network hardening, improved cybersecurity, and working with our international allies and partners and our defense Industrial Base and defense Critical Infrastructure partners to secure critical information,” she said.
The GAO does not have any recommendation at this time and said it will continue to evaluate the issue.