U.S. Ballistic Missile Systems Lack Cybersecurity

U.S. Ballistic Missile Systems Lack Cybersecurity

A Department of Defense report found no anti-virus, no data encryption and no multi factor authentication.

  • By Sydny Shepard
  • Dec 19, 2018

A report put together by the Department of Defense found that the U.S.' ballistic missile system lacked data encryption, antivirus programs and multifactor authentication methods. The report also found that some 28-year-old vulnerabilities remain unresolved.

The report was put together earlier this year after DOD officials inspected five random locations where the Missile Defense Agency (MDA) had placed ballistic missiles part of the Ballistic Missile Defense System (BMDS), a DOD program developed to protect US territories by launching ballistic missiles to intercept enemy nuclear rockets. The recent security audit concluded that "the Army, Navy and MDA did not protect networks and systems that process, store, and transmit BMDS technical information."

Auditors found several problematic areas, including the fact that multi factor authentication was not consistently used. Under normal circumstances, any new MDA employee would receive a username and password that they could use to access BMDS' network. As new employees are eased into their new jobs, they'd also receive a common access card (CAC) that they'd have to enable for their accounts and use together with their password, as a second-factor authentication. Normal procedure says that all new MDA workers must use multi factor authentication within two weeks of being hired.

The DOD found that at three of the five locations, investigators found that many users did not enable multi factor authentication for their accounts, and were still using their username and password to access BMDS' network.

The DOD also found that vulnerabilities were not consistently patched, removable media data was not encrypted and no intrusion detection and prevention system was ever implemented. 

 On top pf the cybersecurity concerns, there were also vulnerabilities in the physical security of the locations. For example, MDA personal didn't challenge auditors who entered buildings without proper badges, allowing unauthorized personnel to wander around through top secret buildings.

The MDA currently has 104 ballistic missile locations and plans to build another 10, but if it doesn't improve both its physical and cybersecurity protections, these bases could easily be attacked in case of a conflict.

To see the full report, click here.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • A Look at AI

    Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now

  • First, Do No Harm: Responsibly Applying Artificial Intelligence

    It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now

  • Improve Incident Response With Intelligent Cloud Video Surveillance

    Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now

  • Security Today Announces 2025 CyberSecured Award Winners

    Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now

  • Empowering and Securing a Mobile Workforce

    What happens when technology lets you work anywhere – but exposes you to security threats everywhere? This is the reality of modern work. No longer tethered to desks, work happens everywhere – in the office, from home, on the road, and in countless locations in between. Read Now

Most   Popular

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.