“The Defense Department’s inconsistent security practices leave technical data about the nation’s missile defense system vulnerable to inside and outside threats, according to the agency auditor. The ballistic missile defense system is designed to detect and intercept incoming missiles before they hit their intended targets. The system is made up of many elements, some run by the government and others by cleared contractors. The Defense Department keeps the system’s technical information—such as engineering data, algorithms and source codes—on its classified networks. ‘The disclosure of technical details could allow U.S. adversaries to circumvent [ballistic missile defense system] capabilities, leaving the United States vulnerable to deadly missile attacks,’ the Defense Department Office of Inspector General said in an audit. The OIG found known network vulnerabilities that hadn’t been mitigated at three of the five facilities examined and intrusion detection capabilities that had not been implemented. Inspectors also flagged several situations that a malicious insider could exploit. In general, the network administrators had poor access controls in place. They didn’t require multifactor authentication to access the system’s technical information, nor did they require written justification from users for elevated access. They also allowed users to save unencrypted data to removable drives without monitoring them.”
Source: Poor Security Could Leave U.S. Defenseless Against Missile Attacks – Nextgov
