US military neglecting cyber security issues



Cybersecurity is one of the most important fields of the modern world. Without reliable protection, companies and individuals are exposed to a range of threats, from the theft of corporate secrets and money from accounts to the theft of photos not intended for prying eyes. The situation is even more dangerous when information of a military nature, for example access to installations, falls into the hands of intruders.

And this situation can arise at any time, at least in the US Army. A report on the state of information security in the country's armed forces was recently published. According to the inspectors, the situation is depressing. The reviewers listed 266 recommendations for solving the problems, and some “holes” have existed since 2008.

Military "auditors" studied the current situation, as well as reports from previous years. It turned out that many problems are not being solved at all, and there is not even an attempt to improve anything. Earlier, the Pentagon was shown how to close 159 different “holes” to improve the protection system. But the military tried to do something in only 19 cases out of 159.

The problems described affect all branches of the armed forces, and their severity ranges from “very serious” to “ordinary”. For example, the troops responsible for US missile defense are negligent about physical access to equipment by outsiders. The doors of the server cabinets are not kept closed, despite strict instructions to close them.

Network equipment specialists performed repair work and did not notify the security service that physical access to the equipment needed to be closed off once the service work was complete. In addition, the data that military officers transfer from computer to computer on removable storage media is not encrypted. According to the data provided by the auditors, only 1% of the data that is required to be protected is encrypted.

This problem was found in the same division that is responsible for the country's missile defense.

And if the military itself is not very cautious, contractors stand out for their negligence even against the background of regular troops. Of the seven contractors with access to the network that holds missile technical information, five do not always use multifactor authentication. Contractors do not perform risk assessments, do not encrypt storage media, and use weak passwords. System administrators at five of the seven contractors did not enforce session termination after 15 minutes of inactivity, which the military requires. As a result, a session lasts indefinitely until the PC itself disconnects.

Moreover, various military networks remain vulnerable even to standard hacking tools. In October, it was claimed that many Pentagon systems were almost open to cyber attacks. Developers of various types of weapons with network functions do not pay much attention to security. Cybersecurity is given minimal priority when such systems are developed. Work on the information security of weapons systems is done carelessly, so there are many weak points in the infrastructure. For example, the Air Force does not change the default login/password pairs when using any weapon.

Separately, we can mention the electronic medical records of military patients. According to the inspectors, this area can be called a security nightmare. According to the requirements, passwords must be 15 characters long, with numbers, symbols, and upper- and lower-case letters. Instead, simple passwords are used that can be guessed by brute force.

As with missile defense, almost nothing is encrypted in the medical systems, hacking them is not difficult, and medical terminals are not configured to terminate sessions automatically.

Many of the problems, according to the auditors, stem from management flaws: the Pentagon simply did not develop an effective cybersecurity management system. As a result, the US military continues to face increasingly sophisticated cyber threats from adversaries. In particular, these are attacks aimed at disrupting, or partially or even completely destroying, targeted information systems.

Source: https://habr.com/ru/post/436354/