A handful of costly military satellites and ground stations were deployed between 2012 and 2016 so they could pass secure messages between the U.S. Army’s portable radios and cellular networks around the globe. But when a team of Navy hackers tested it in 2015 and 2016, the system turned out not to be so secure.
It had more than 1,000 cyber vulnerabilities, half of which had “a high potential of giving system access to an intruder,” a 2016 Pentagon testing report said.
The network, known as the Mobile User Objective System, turns out to be just one of many new major Pentagon weapons systems found vulnerable to hacking. A new report from auditors at the Government Accountability Office (GAO) concluded on Oct. 9 that “nearly all” of the weapons systems in the Pentagon’s $1.7 trillion dollar purchasing pipeline have glaring cybersecurity holes.
Here’s the problem: The Pentagon and other federal agencies for the past few years have been intensifying their efforts to protect their own computer networks from hacking – after some spectacular breaches, including a hack of sensitive government personnel files in 2015 and Edward Snowden’s theft of NSA files in 2013.
But the military hasn’t worked as hard over the past decade to protect its software-dependent weapons systems from hacking, according to the GAO.
The consequences in a crisis or military conflict could be grave, since cyber breaches involving weapons systems could in theory give an enemy the opportunity to make the weapons misfire or fail. It’s not the first time this warning has been issued — at least a half-dozen military studies since the 1990s have sounded alarms that Pentagon systems were becoming enticing hacking targets, the report said.
Only in 2014 did the Pentagon begin to routinely check for cyber vulnerabilities in new weapons systems, the GAO noted, and many systems haven’t been tested at all. “Until recently, DOD [Department of Defense] did not prioritize cybersecurity in weapon systems acquisitions,” the report said. “DOD is in the early stage of trying to understand how to apply cybersecurity to weapon systems.”