Hunt for Red Bugtober: US military's weapon systems riddled with security holes – auditors

Computer security vulnerabilities are widespread in US military hardware, and the Pentagon is only beginning to understand how to fix them. This is according to an October report [PDF] on cybersecurity practices in Uncle Sam's armed forces, drawn up by the Government Accountability Office (GAO). Leading with the subtle title " …

  1. DCFusor Silver badge
    Joke

    I think I heard their excuse went something like "none of these are yet in service, and given our recent fortunes, none will work anyway when we put them in service, so a bad guy hacking them will have no effect and is the least of our worries."

    Like the logistics system for the most expensive fighter ever - itself over budget and late - that doesn't work, which doesn't matter as the fighter itself is grounded anyway.

    Luckily, it's all just a jobs program anyway, feeding votes for pols by being made in little bits all over in their various districts.

    1. elDog Silver badge

      Sort of like the USSR wanting to leave the Pentagon intact in case of war

      because it was considered the weakest link in the chain of command.

      Of course this was from the 80's and I'm sure everything has been tightened up nicely since then.

      1. John Brown (no body) Silver badge

        Re: Sort of like the USSR wanting to leave the Pentagon intact in case of war

        "Of course this was from the 80's and I'm sure everything has been tightened up nicely since then."

        You think that maybe someone screwed the nuts in the Pentagon? Not likely when the only reliable tool they have is a hammer (and maybe a sickle)

  2. Kevin McMurtrie Silver badge

    possibly some missteps

    I hope nobody is around when that happens.

  3. Anonymous Coward
    Mushroom

    That big red button

    So how many security researchers around the world have their fingers on that nuclear button through a backdoor?

  4. Frumious Bandersnatch Silver badge

    let's make love ...

    and listen to death from a bug.

    (Cansei de Ser Superior)

  5. sanmigueelbeer Silver badge

    Minion: General, the GAO has found out these weapons have weak passwords.

    General: These things have passwords?

    1. BebopWeBop Silver badge

      Minion: Yesssir, we recommend 'password' or for truly sensitive systems, 'passw0rd'.

  6. JLV Silver badge
    Happy

    Learn to Stop Worrying and Love Network-enabled Operations

    Geez, folks, it's not like any potential peer adversary of the US ever does DDOS or cyberattacks. Asymmetrical warfare is only about IEDs and terrorists, any honorable enemy will slug it out toe-to-toe, as planned by the geniuses who brought us the F35.

    1. DougS Silver badge

      Re: Learn to Stop Worrying and Love Network-enabled Operations

      You don't think the F35s were designed to win a war, do you? They were designed to extract money from American taxpayers and put it in the pockets of defense contractors.

      If they were designing planes to win a war they'd never build another manned fighter, because they will all be obsolete at least a decade before the last F35 is scheduled to roll off the assembly line.

    2. Cuddles Silver badge

      Re: Learn to Stop Worrying and Love Network-enabled Operations

      " it's not like any potential peer adversary of the US ever does DDOS... the geniuses who brought us the F35."

      If someone carried out a DDOS attack on the F35, would anyone be able to notice the difference?

  7. A.P. Veening

    This is exactly what everybody expected when they left security to legislation. Extraditing and charging some teenagers for accessing a wide open Pentagon computer works ... to let the bad guys know there is no real security.

  8. Charles 9 Silver badge

    There's really only one way to force the government to pay attention. It happened in the 70's. Just tell them if they don't shape up by yesterday, they'll lose World War III and the US will cease to exist.

    1. Destroy All Monsters Silver badge

      But then Guatemalan peasants had to die...

  9. chivo243 Silver badge
    Headmaster

    two cans connected with strings?

    "...find ways to better coordinate communications between departments..."

    Never mind this newfangled inter www thingie...

    Maybe the spy department needs to talk to the blow things up department?

  10. Anonymous Coward

    If only they had "Intel" Inside oh wait

  11. Anonymous Coward

    ...mention here of the F35 is quite legitimate...

    ....the software won't be ready for "combat use" for quite a while (according to Senate testimony)....

    ....the plane is only "stealthy" from (classified) directions, but not from above or below....

    *

    ....but what about hacks on our favourite US weapons system....Trident? Maybe there's still some Windows 95 stuff still on those submarines in Gareloch, or some Intel 286 chips in the missiles? I think we should be told!

  12. Aodhhan Bronze badge

    Not shocking

    Having worked in the DOD as a civilian--many of us have left the DOD for bigger paychecks. Why work for 90K when you can get nearly twice as much working for civilian companies? All who are now heavily investing in InfoSec. Another up-side, is I don't have to live life like an angel...worrying about losing my security clearance... and/or having my life turned upside down every 5 years dealing with a clearance investigation.

    This is putting the DoD in hard times with InfoSec. Most of the civilians/military leadership O-5/GS-15 and above aren't proficient in technological computer fields--let alone information security. They are pilots, business grads, etc. Almost everything but a computer engineer, MIS, development, etc. education. So they aren't exactly proficient at leading--or understanding the support needs of computer professionals. Such as security hardware, cloud infrastructure, etc. Since they don't understand it... they don't get the right items implemented and make poor decisions.

    Until the DoD and defense contractors get in line with civilian salaries, they will only be able to attract professionals right out of college--only to watch them leave after 4 years.


Biting the hand that feeds IT © 1998–2019