UPDATED 21:27 EDT / DECEMBER 17 2018

180326-N-UK333-005 PACIFIC OCEAN (March 26, 2008) An unarmed Trident II D5 missile launches from the Ohio-class ballistic missile submarine USS Nebraska (SSBN 739) off the coast of California. The test launch was part of the U.S. Navy Strategic Systems Program’s demonstration and shakedown operation certification process. The successful launch certified the readiness of an SSBN crew and the operational performance of the submarine’s strategic weapons system before returning to operational availability. (U.S. Navy photo by Mass Communication Specialist 1st Class Ronald Gutridge/Released) SECURITY

Audit finds serious problems with cybersecurity at ballistic missile installations

A report from April that was published for the first time by the U.S. Department of Defense last week has found that cybersecurity at ballistic missile installations varied from lax to outright bad.

The report, first detailed by ZDNet today, said the DoD Inspector General audited five separate locations that are part of the Ballistic Missile Defense System program. That program is tasked with protecting U.S. territory through the interception of nuclear missiles.

Every single location audited had security issues.

At three locations, two-factor authentication was only partially used or not used at all. Something as simple as patching vulnerabilities in software was also lacking at three locations, while physical security controls to servers were also not limited.

All five locations failed on maintaining justification for access, meaning they would not regularly purge older accounts from their networks.


The report covered five locations of a network of 104, but the report noted that if applied across all of them, the entire network could be easily attacked in the case of a conflict.

Not everyone was negative on the news. Lamar Bailey, director of security research and development at Tripwire Inc., told SiliconANGLE that although the report at first glance this sounds horrible, the key word in the findings is “consistently.” He noted that a table in the report (above) shows results for the facilities visited broken down into weaknesses in the seven areas audited.

“Only one audit hit all five locations and this dealt with justification for access,” Bailey explained. “Five of the weaknesses say they were not ‘consistently’ used but this can apply to ‘administrative, facility, a lab or both’ so they may not apply to the networks with the defense/offense controls.”

He also noted that the audit was only done at five facilities, fewer than 5 percent of those in operation. “We should not take a Chicken Little stance here, but remember basic security hygiene and foundational security controls apply to everyone,” he added.

Photo: U.S. Navy

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.