Missile Shield: Hacker Heaven

FacebookXPinterestEmailEmailEmailShare

ft1_56.jpgIt's bad enough that the $10 billion a year missile shield -- especially its ground-based interceptors -- routinely flunk their test runs.
But what's potentially worse is that the anti-missile system may have been left wide open to hackers, with "such serious security flaws that the agency and its contractor, Boeing, may not be able to prevent misuse of the system, according to a Defense Department Inspector Generals report.

The report, released late last month, said MDA [the Missile Defense Agency] and Boeing allowed the use of group passwords on the unencrypted portion of MDAs Ground-based Midcourse Defense (GMD) communications network.
The report said that neither MDA nor Boeing officials saw the need to install a system to conduct automated log audits on unencrypted communications and monitoring systems. Even though current DOD policies require such automated network monitoring, such a requirement was not in the contract."
The network, which was also developed to conform to more than 20-year-old DOD security policies rather than more recent guidelines, lacks a comprehensive user account management process, the report said. Neither MDA nor Boeing conducted required Information Assurance (IA) training for users before they were granted access to the network, the report stated.

(Big ups: Jeff)
UPDATE 03/20/06 1:12 PM: You knew this was coming. The Pentagon has yanked the Inspector General's report off of its website. Luckily, Federal Computer Week saved itself a copy.
(Big ups: Vic)
Story Continues
Missiles DefenseTech DefenseTech