Why Military Weapons Are Vulnerable to Cyber Attacks (And What to Do About It)
- On: 16, Oct 2018
3 min read
While the UK is still reeling from cyber attacks, it was recently revealed that a shocking amount of US military weaponry is easily accessible, hackable, and potentially controllable due to poor security practices.
Military vulnerability to cyber attacks is worrying for obvious reasons: weapons are dangerous, and those working in the military at this level are the highest-ranking Defence staff who are most qualified to protect the public. Yet, through underinvestment, lack of awareness, rapid technological advancements in hacking software and any number of factors, cyber attacks on military weapons are an increasingly prevalent threat.
A recent report from the United States Government Accountability Office reveals an increased risk of cyber attacks on the military, but provides no details about what types of weapons were tested, other than ‘nine major defence acquisition programmes.’ No comment was offered on whether these programmes were nuclear in nature.
The report states that many of the weapons or systems that control them are vulnerable to some form of cyber attack. These attacks may be able to take place without the military teams in control of weapons being aware of them. These weaknesses were designated as ‘mission-critical cyber vulnerabilities.’ Over five years, Department of Defence testers routinely found these vulnerabilities in nearly all weapon systems that were under development or in circulation.
This is possible by a great many advanced weapons systems being developed by private companies, thus having factory-set passwords upon arrival. These passwords were left unchanged, allowing them to be easily found online. It was discovered that routine cyber-safety tests were not carried out, due to department heads stating that they ‘did not believe that cybersecurity applied to weapon systems.’
In some cases, hackers would be able to sit inside a system and watch an operator’s every move and take over completely in less than a day if they wanted to. Because so many systems are networked together, hackers only need to get into one system and can then move like a virus through the whole network.
Vulnerabilities found within the military systems included being able to turn a weapon on or off, affect missile targeting, adjust oxygen levels or manipulate what controllers see on their computer screens. All would be devastating within a live combat operation and could result in loss of life.
Test attackers were even able to reach in and download data remotely, then delete it from the server. This could cripple defence networks, or completely remove functionality from certain weapons.
The recent oversight could suggest that other Defence and government bodies have also been overestimating their levels of military security. This may embolden certain hacking groups to take more risks and launch cyber campaigns in places they never would have dared attack previously.
Secondly, the military cyber attacks report highlights an imbalance in global cyber security. America is entirely dependent on networks of information and communication. In the event of all-out cyber warfare, the US has a huge geographical area to cover, to anticipate and to control. Having built a formidable offensive arsenal, cyber attacks could leave the US military vulnerable with reduced protection.
One could argue that the USA’s best choice would be to limit possible damage in the event of a cyber attack by compartmentalising their networks, splitting things up, dispersing control and decentralising their chain of command. However, this would be counterintuitive to hundreds of years of military strategy.
To prevent further military cyber attacks, the US can build up its defences. All military institutions and defence agencies will have to ensure they’re fully safeguarded against cyber incursions. This may require retraining and the reimplementation of security protocols from the ground up. A large portion of risk can be identified with undertrained or unqualified individuals who have access to systems needing stronger security; in one case, an assessment found 19 of 20 vulnerabilities unearthed in a previous assessment had not been fixed.
Making sure security is up-to-date is time-consuming, requiring constant research and testing. But the alternative is to ignore it, leaving yourself vulnerable and poorly-equipped to deal with an attack that is certain to come.
The best practice is to implement a robust system, operated by a highly educated security team.
To recruit the best Defence staff, request a call back below.