A US DOD cybersecurity audit of US missile defense systems outlined the failure in the implementation of basic cybersecurity controls like data encryption and multifactor authentication.
The report which was released last Friday, also revealed how officials are employing substandard cybersecurity practices to fortify the United States’ ballistic missile defense systems (BMDS).
The audit deduced that the networks and systems that store, process and transmit BMDS technical information were not protected by the US Army, Navy, and MDA. The information that was left unfortified by the US officials is of highly sensitive nature and could have been exploited to incite security threats.
“The disclosure of technical details could allow U.S. adversaries to circumvent BMDS capabilities, leaving the United States vulnerable to deadly missile attacks.” the heavily redacted report reads.
“Inadequate security controls that result in unauthorized access to or disclosure of BMDS technical information may allow U.S. adversaries to circumvent BMDS capabilities, leaving the United States vulnerable to missile attacks that threaten the safety of U.S. citizens and critical infrastructure,”
Along with the computer and data security issues, the presence of physical security issues was also noted. Officials discovered mismanagement at data center managers at BMDS facilities, they found instances of server racks not being locked.
Unfortunately, the draft report attracted no response from Chief Information Officers of various facilities. Now, the Director, Commanding General, Commander, and Chief Information Officers are asked by the Inspector General’s office to comment on the findings of the final report latest by 8th of January, 2019.