An inspection of Ballistic Missile Defence Systems (BMDS) in the United States by the Department of Defense Inspector General (DOD IG) found serious unpatched vulnerabilities.
According to the report “Security Controls at DoD Facilities for Protecting Ballistic Missile Defense System Technical Information” published by the DoD revealed that the officials didn’t implement cybersecurity controls and processes to protect the BMDS technical information. The security audit stated the officials at BMDS are not following basic security practices like data encryption, antivirus programs, and multifactor authentication mechanisms at the BMDS facilities.
“We conducted this audit in response to a congressional requirement to audit the controls in place to protect BMDS technical information, whether managed by cleared Defense contractors, or by the Government. Cleared contractors are entities granted clearance by the DoD to access, obtain, or store classified information, to bid on contracts, or conduct activities in support of DoD programs,” the report stated.
The DOD suggested recommendations to data center managers at BMDS facilities to correct the identified systemic weaknesses found in the security audit report. “We recommend the development and implementation of a plan to correct the systemic weaknesses identified in this report at facilities that manage BMDS technical information,” the report added.
The recommendations suggested by DOD include mitigating the vulnerabilities constantly, implementing intrusion detection capabilities, and enforcing multi-factor authentication to access systems that process, store, and transmit the BMDS technical information.
The U.S. Government Accountability Office (GAO) recently conducted a study to evaluate the state of Department of Defense (DOD) weapon systems cybersecurity. The legislative branch government agency stated that most of the new weapons designed by DOD are vulnerable to cyber-attacks. GAO pointed out that DOD does not even know the full extent of the problems that existed in their weapons. In the report, GOA stated that it and others have warned DOD of cyber risks for decades, until recently, DOD did not prioritize weapon systems cybersecurity.