UPDATED 21:27 EST / DECEMBER 17 2018

SECURITY

Audit finds serious problems with cybersecurity at ballistic missile installations

A report from April that was published for the first time by the U.S. Department of Defense last week has found that cybersecurity at ballistic missile installations varied from lax to outright bad.

The report, first detailed by ZDNet today, said the DoD Inspector General audited five separate locations that are part of the Ballistic Missile Defense System program. That program is tasked with protecting U.S. territory through the interception of nuclear missiles.

Every single location audited had security issues.

At three locations, two-factor authentication was only partially used or not used at all. Something as simple as patching vulnerabilities in software was also lacking at three locations, while physical security controls to servers were also not limited.

All five locations failed on maintaining justification for access, meaning they would not regularly purge older accounts from their networks.

dodreport

The report covered five locations of a network of 104, but the report noted that if applied across all of them, the entire network could be easily attacked in the case of a conflict.

Not everyone was negative on the news. Lamar Bailey, director of security research and development at Tripwire Inc., told SiliconANGLE that although the report at first glance this sounds horrible, the key word in the findings is “consistently.” He noted that a table in the report (above) shows results for the facilities visited broken down into weaknesses in the seven areas audited.

“Only one audit hit all five locations and this dealt with justification for access,” Bailey explained. “Five of the weaknesses say they were not ‘consistently’ used but this can apply to ‘administrative, facility, a lab or both’ so they may not apply to the networks with the defense/offense controls.”

He also noted that the audit was only done at five facilities, fewer than 5 percent of those in operation. “We should not take a Chicken Little stance here, but remember basic security hygiene and foundational security controls apply to everyone,” he added.

Photo: U.S. Navy

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU