Nearly all new U.S. weapons systems have ‘critical’ cybersecurity problems

Earlier this week, the Government Accountability Office released a report stating that almost all U.S. military’s newly developed weapons systems suffer from “mission-critical cyber vulnerabilities,” suggesting military agencies have rushed to computerize new weapons systems without prioritizing cybersecurity.

Giving some further insight on the story, Gavin Millard, VP of threat intelligence at Tenable, said:

“The US Government Accountability Office’s report [that the US military’s newly developed weapons systems all suffer from ‘mission-critical cyber vulnerabilities] is a concern, but it’s not really a surprise nor will it be limited to purely US weaponry.

“For too long the development cycle of anything and everything has been focused on functionality first with cybersecurity an afterthought, if it’s considered at all. That has to change. 

“It’s not just dangerous for security to be ignored, as this report highlights, but issues that are found post development can be incredibly difficult, assuming it’s even possible, to fix.

“When insecurities are discovered all too often they’re not new issues but demonstrate a lack of basic cyber hygiene practices. As illustration, we see routers shipped with default passwords that are difficult to change, or outdated protocols are used which are easy to exploit. For example, one would hope telnet or ftp have been dumped on the scrapheap but unfortunately, they keep on popping up.

“In the era of digital transformation, cyber security has to be front and centre when creating devices, designing infrastructure or even retrofitting communication options within existing technology. Until best security practices are baked into the development lifecycle, issues like this will continue to put everybody at risk.”