Connect with us

Hacker News Vulnerability

Worrying Finds from a Cybersecurity Audit on US Ballistic Missile Defense Systems

Hacker News Malware

Emotet Malware Makes a Comeback with Fresh Attacks After Three Months of Silence

Hacker News Vulnerability

Lazarus Group Found Exploiting Zero-Day Vulnerabilities in Latest Cyber Attack

Hacker News

Chinese hackers develop new custom backdoor to evade detection

Hacker News

Hackers are exploiting vulnerabilities in containerized environments

Hacker News

Play Ransomware Group Brags About Disruptive Attack on City of Oakland

Hacker News

Chinese State-Sponsored Hacking Group APT31 Targets European Organizations

Hacker News Vulnerability

Researchers Uncover New Security Vulnerabilities in TPM 2.0 Library

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Hacker News

White Hat Hacking Does Pay: Pwn2Own Shells Out 980,000 in Rewards

Hacker News

Worrying Finds from a Cybersecurity Audit on US Ballistic Missile Defense Systems

Published

4 years ago

on

Worrying Finds from a Cybersecurity Audit on US Ballistic Missile Defense Systems

This week it was revealed that inadequate cybersecurity practices are being used to protect the US ballistic missile defense systems (BMDS). The report was released earlier this week by the US Department of Defense.

The report is heavily redacted due to security and privacy concerns, as is typical with government documents of this nature. However, it does highlight some areas where US cybersecurity for the BMDS is lacking:

  • Failed to utilize multifactor authentication
  • Vulnerability assessments and mitigation are underutilized
  • Server rack security is a concern
  • High protection needed for classified data stored on removable media
  • More physical security should be utilized, such as cameras and sensors
  • Lack of, or not enough routine assessments
  • Increased protection needed for encrypting transmitted technical information

Some specific examples of cybersecurity issues are as follows. In one DoD facility users were permitted to use a single-factor authentication (username and password) for up to 14 days after their account creation. However, it was found that even when these 14 days passed, users were continuing to use a single factor authentication. In another facility, a system was being used that doesn’t even support multifactor authentication.

Even at facilities that did have multifactor authentication, other security concerns were at play. Many systems were not patched correctly, in one facility it was found that a security patch to protect against vulnerabilities was not applied, and this patch was available in January 2018.

Other facilities were not encrypting important data that was being stored on removable devices, adding to this, some facilities said they weren’t aware they needed to encrypt data on removable devices. Some facilities were using systems that didn’t keep track of what data was being copied.

In terms of next steps, the DoD is planning to fix these issues in their facilities and provide a higher level of cybersecurity going forward.

Related Topics:

Experienced British technology journalist and online reporter

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *