Digital dorensic experts from the International Cybernetic Security Institute report that the general inspector of the United States’ Defense Department has published a report that reveals security errors relating to the protection of ballistic missile systems of the american militia.
These systems are considered a very important element in the military infrastructure of the United States, because between their main tasks is the defense operation against short, medium and long range missile attacks. In the report, the experts warn about possible cybernetic attacks against these systems, mainly atatck campaigns operated by other nations.
In March 2014, the Comunication Director of the Defense Department(DDD) informed that the plans to implement the guaranteed controls of the defense infrastructure by the National Institute of Standards and Technology (NIST) to improve the cybersecurity protocols in the military systems of the United States. However, 4 years passed since the announcement and the state of the cybersecurity of these systems are still critical, according to the didigtal forensic experts, as a lot of the announced standars are still without implementation.
“We evaluate the systems of the DDD to verify if the controls guaranteeds by the NIST were correctly implemented with the objective of protecting technical details about the operation of these systems, that we consider critical”, said the report of the general inspector of the DDD.
Regarding the report, in it we can find indications that the BMDS lacks of basic controls, like the authentification of 2 factors, vulnerabilities evaluations, classified data protection, transmissions encodment, hardware security and security elements like surveillance cameras and movement sensors. “We have concluded that the public servants of the DDD didn’t implemented security controls and processes to protect the technical information of the BMDS”, said the report.
“Some of the public servants of the BMDS didn’t encode the data stored in the removable devices, because they thought that it wasn’t necessary”, said the report. According to the digital forensic experts, in the report it is also mentioned the mistakes in the patching administration to correct multiple installation systems. In some cases, vulnerabilities were found without haven’t been corrected since year 2013.
In the report also stands out the security problems in the physical infrastructure, as a lack of control of adecuate accesses, exposed restricted locations and the lack od security cameras in the critical places of some instalations.
The report of the DDD also includes some recommendations like the use of a multifactor authetication, the protection of removable storage devices and the implementation of detection systems for possible intruders.