This story originally appeared in The Lowdown, ABP’s weekly roundup of news, culture, holy-shit awesomeness, event updates & exclusive offers delivered straight to your inbox. Click here to subscribe.
Considering most government reports sound like insomnia cures, the title alone of this one is bone chilling. On October 9 the Government Accountability Office, the federal agency that audits other agencies, issued, “Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities.”
The Senate Armed Forces Committee asked the GAO to do an audit of current Department of Defense cybersecurity measures, and the agency’s findings after reviewing the DOD’s internal testing are startling—especially considering we’ve known about this threat since at least 1983, if not earlier. (God bless you, Matthew Broderick)
‘Death Watch’: Essentially, hackers hired to test the DOD’s cyberdefenses waltzed right through the security and took control of U.S. weapon systems without anyone knowing. The DOD exposed itself with unencrypted communications and failed to follow basic rules that today’s toddlers learn, such as changing default passwords, according to the report. In some cases, the hackers went undetected while operating inside the system for weeks. At other times automated software meant to catch attacks worked properly, but the humans monitoring it failed to respond.
“In the private sector, this is the sort of report that would put the CEO on death watch,” R. David Edelman, who served as special assistant to President Obama on cybersecurity and tech policy told WIRED.
So, they jumped on this, right? Ummm, not exactly. The DOD hasn’t said much on the record since the report came out, but quotes in the document itself indicate they seem to be casually shrugging off this existential threat to humanity.
“In operational testing, DOD routinely found mission-critical cyber vulnerabilities in systems that were under development, yet program officials GAO met with believed their systems were secure and discounted some test results as unrealistic,” the report states.
The GAO team’s testing only looked for the easiest targets, which means many systems and potential vulnerabilities have yet to be probed.
Safety first: The most recent budget allotted a record $700 billion for military spending, which will be worthless if the computers running all those high-priced fighter jets, drones and navigational systems are under someone else’s control.