When you think of the Department of Defense and the Pentagon, you probably assume that sophisticated security is a given. After all, the department charged with protecting the U.S. takes its job very seriously.
All that is true, but it doesn’t mean that even the DoD and Pentagon don’t have their obstacles.
The Government Accountability Office (GAO) recently delivered some alarming news, reporting that penetration testers had been able to breach security controls for new weapons systems. Worse: Those securities were said to be fairly simple for a hacker to undermine. While the report left specific vulnerabilities classified, it included indications about defense shortcomings. For instance, one tester was able to guess a key system password within nine seconds. Some systems used publicly available software for protection, with default passwords in use.
The Pentagon has heard similar warnings from watchdog groups for some time and began initiatives to improve weapons security within the past five years. As a result of the recent reports, it also launched a “hack the Pentagon” bug bounty program to identify and close gaps in key security systems.
The repercussions of hacked systems at the DoD are obviously high. Enemies tampering with weapons could cause misfires or weapons failures, which could have grave consequences in a time of conflict. That’s no doubt one reason why Pentagon security issues receive significant attention.
But these issues aren’t unique, and they can affect key infrastructure systems on a wide scale. The need for action across the board, not just in this nation’s defense, is reaching a critical level.
Experts point to a number of components involved in addressing security issues at the DOD. Regular patching and configuration management plays a key role. Higher up the chain, software development processes need to adopt modern processes that incorporate security. Ongoing intelligence and consistent monitoring also are necessary to keep pace with ever-evolving threats. These solutions have relevance not just for our defense but for agencies across the U.S. government.
Lunarline is prepared to assist agencies and organizations with security enhancements across the board, from continuous monitoring programs and intelligence tools to patch management and software development processes. To learn more, contact us today.