Security Flaws Could Cripple Missile Defense

The series of reported security flaws in the Missile Defense Agency’s (MDA) Ground-based Midcourse Defense (GMD) communications network is especially galling for a number of reasons. First, every one of the reported failings involves a control that is required by DoD policy and, more importantly, whose absence is commonly accepted as a security vulnerability within the information security community. For example, according to the DoD Inspector General’s report, the MDA had failed to implement an audit trail function on the unencrypted portion of its GMD communications network. According to noted security expert Bruce Schneier, Chief Technology Officer at Counterpane Internet Security, an automated audit trail system was vital to detect threats from insiders and attacks by outside hackers. Moreover, DoD policy mandates that audit trails be implemented to “protect the integrity, availability, and confidentiality of the information in that system.”

In addition, the MDA allowed users to access the unencrypted portion of the GMD communications network via a group account rather than requiring each user to log into the network with their own individual account. This lack of proper user account management is especially disconcerting when one considers the fact that a large percentage of cyber attacks originate from within an organization. For example, according to the E-Crime Watch Survey, “current or former employees and contractors are the second greatest cyber security threat, preceded only by hackers.” As a result, granting this high level of trust to users without a proper level of oversight is a recipe for disaster.

Second, there is a widespread concern throughout the Pentagon that the DoD’s communications network is the US military’s soft underbelly. According to Marine Corps Lt. General Robert Shea, Director of Command, Control, Communications and Computer Systems on the Joint Staff, “the network is our center of gravity, and our ability to defend it is our Achilles’ heel.” Should these networks come under a sustained attack from a determined adversary, it should be expected that the military would suffer a degradation in its ability to command and control its disparate forces. Therefore, leaving portions of its defense network exposed to attack defies logic.

Third, there is also an understanding within the Pentagon that many adversaries are studying the weaknesses in the US military’s communications network for potential avenues of attack. For example, it is thought that North Korea is training a cadre of computer “hackers” to penetrate enemy computer networks. Additionally, according to a 2005 DoD report, entitled The Military Power of the People’s Republic of China, “the PLA has likely established information warfare units to develop viruses to attack enemy computer systems and networks.” Moreover, it is also widely believed within intelligence and law enforcement circles that a recent series of cyber attacks against DoD networks originated from China. Therefore, leaving vulnerabilities in our defense networks only further invites our enemies to exploit these weaknesses.

As a result, continued development on the GMD communications network should be halted until these important security issues are addressed. Fielding a system with such glaring security weaknesses will only open an additional avenue of attack for our adversaries to exploit.
