WASHINGTON (Reuters) – The Pentagon has been slow to protect major weapon systems from cyber attacks and routinely found critical vulnerabilities that hackers could potentially exploit in those systems, a federal government report said on Tuesday.
The U.S. Government Accountability Office (GAO), a watchdog unit of Congress, said in a 50-page report that the Pentagon found “mission-critical cyber vulnerabilities in systems” under development.
“Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications,” the report said.
Some program officials told GAO that the weapon systems were secure and discounted some test results as “unrealistic.”
While the Pentagon plans to spend about $1.66 trillion to develop major weapon systems, the report found, it had only recently taken steps to improve cyber security.
Cyber security has been receiving increasing attention among U.S military and intelligence officials.
Last week, Western countries issued coordinated denunciations of Russia for running what they described as a global hacking campaign, targeting institutions from sports anti-doping bodies to a nuclear power company and the chemical weapons watchdog.
In some of the strongest language aimed at Moscow since the Cold War, Britain said Russia had become a “pariah state.”
The United States said Moscow must be made to pay the price for its actions. Their allies around the world issued stark assessments of what they described as a campaign of hacking by Russia’s GRU military intelligence agency.
“Due to this lack of focus on weapon systems cybersecurity,
(Department of Defense) likely has an entire generation of systems that were designed and built without adequately considering cybersecurity,” the report said.
Reporting by Idrees Ali; Editing by David Gregorio