US military is negligent in cyber security
Cybersecurity is one of the most important concerns of the modern world. Without reliable protection, companies and individuals are exposed to a range of threats, from the theft of corporate secrets and money from accounts to the theft of photos not intended for prying eyes. The situation is even more dangerous when information of a military nature, for example access to installations, falls into the hands of intruders.
And this situation can arise at any time, at least in the US Army. A report on the state of information security in the country's armed forces was published recently. According to the auditors, the situation is depressing. The reviewers identified 266 recommendations for solving problems, and some “holes” have existed since 2008.
Military "auditors" studied the current situation as well as reports from previous years. It turned out that many problems are not being addressed at all; there are not even attempts at improvement. Earlier, the Pentagon had been shown how to close 159 different “holes” to improve its protection. But the military tried to do something in only 19 of the 159 cases.
The problems described affect all branches of the armed forces, and their severity ranges from “very serious” to “ordinary”. For example, the troops responsible for US missile defense are negligent about physical access to equipment by outsiders. The doors of the server cabinets are not kept closed, despite strict instructions to close them.
Network equipment specialists performed repair work and did not notify the security service that physical access to the equipment needed to be closed off once the service work was complete. In addition, the data that military officers transfer from computer to computer on removable storage media is not encrypted. According to the auditors' figures, only 1% of the data that is required to be protected is encrypted.
This problem was found in the same division that is responsible for the country's missile defense.
And if the military itself is not especially careful, contractors stand out for their negligence even against the background of the regular troops. Of seven contractors with access to the network holding missile technical information, five do not always use multi-factor authentication. Contractors do not perform risk assessments, do not encrypt storage media, and use weak passwords. System administrators at five of the seven contractors did not enforce session termination after 15 minutes of inactivity, which the military requires. As a result, a session lasts indefinitely, until the PC itself is turned off.
Moreover, various military networks remain vulnerable even to standard hacking tools. In October, it was claimed that many Pentagon systems are almost open to cyber attacks. Developers of various types of networked weapons do not pay much attention to security. Cybersecurity is given minimal priority when such systems are developed. Work on the information security of weapons systems is done carelessly, so there are many weak points in the infrastructure. For example, the Air Force does not change the default login/password pairs when using any weapon.
Separately, there are the electronic medical records of military patients. According to the inspectors, this area can be called a security nightmare. Under the requirements, passwords must be 15 characters long, with numbers, symbols, and upper- and lower-case letters. Instead, simple passwords are used, which can be found by brute force.
As with missile defense, almost nothing is encrypted in the medical systems, hacking them is simple, and medical terminals are not configured to terminate sessions automatically.
Many of the problems, according to the auditors, stem from management flaws: the Pentagon simply has not developed an effective cybersecurity management system. Therefore, the US military continues to face increasingly sophisticated cyber threats from adversaries. In particular, these are attacks aimed at disrupting the operation of targeted information systems, or at partially or even completely destroying them.