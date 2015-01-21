| WASHINGTON
WASHINGTON Jan 20 Nearly every U.S. weapons
program tested in fiscal 2014 showed "significant
vulnerabilities" to cyber attacks, including misconfigured,
unpatched and outdated software, the Pentagon's chief weapons
tester said in his annual report released Tuesday.
Michael Gilmore, director of operational test and evaluation
(DOT&E), said program managers had worked to resolve problems
discovered in previous years and security was improving, but
this year's testing had revealed new vulnerabilities.
"Cyber adversaries have become as serious a threat to U.S.
military forces as the air, land, sea and undersea threats
represented in operational testing for decades," Gilmore wrote
in the 366-page report.
"The continued development of advanced cyber intrusion
techniques makes it likely that determined cyber adversaries can
acquire a foothold in most (Department of Defense) networks, and
could be in a position to degrade important DOD missions when
and if they chose to," he wrote.
The report comes amid growing attention to cybersecurity
within the U.S. government, and was released days after fresh
documents leaked by former U.S. intelligence contractor Edward
Snowden said China had stolen "many terabytes" of data about the
Lockheed Martin Corp F-35 fighter jet.
The Pentagon's F-35 program office said classified data
about the new warplane remained secure.
The report said tests of more than 40 weapons revealed
problems with cybersecurity, and U.S. troops needed to learn to
"fight through" cyber attacks, just as they do now with
conventional attacks.
Gilmore said it was troubling that many issues found during
operational testing could have been addressed when programs were
still in development, and also cited numerous violations of
Pentagon password policies.
Even novice techniques had allowed testers to penetrate
networks, the report said.
Gilmore said it was critical to follow up cyber testing of
weapons with an "adversarial assessment," in which officials
pose as enemies and try to hack into systems. He said the U.S.
military also had a critical shortfall of cyber personnel.
Cyber testing had grown more realistic, but current cyber
ranges needed to be expanded, the report said. It said the
office had worked with military officials to develop "cyber
playbooks" and battle drills that allow network "defenders" to
practice techniques and tactics.
Elsewhere in the report, Gilmore cited specific
cybersecurity problems with the U.S. Army's Warfighter
Information Network - Tactical built by General Dynamics Corp
, the Navy's Joint High Speed Vessel, built by Australia's
Austal, as well as the Freedom class of Littoral Combat
Ship built by Lockheed.
