Pentagon confirms that missile defenses are vulnerable to cyber attack

The Director of the Pentagon’s Missile Defense Agency reported to the Congress that missile defenses of the US military are vulnerable to cyber attacks.

The Director of the Pentagon’s Missile Defense Agency reported to the Congress last week that missile defenses deployed by the US Army are vulnerable to cyber attacks. Security experts are aware that every system could be affected by several flaws exploitable in a cyber attack, but we are led to believe that the defense systems in the military are more reliable and robust for obvious reasons.

The Director has confirmed that a cyber attack could disrupt the sophisticated networks of sensors and guidance systems use in missile defenses to target enemy missiles. The first question that everyone has in mind is “How is it possible?”, in military industry the security by design is one of the fundamentals and it is very difficult for common people to imagine a so disconcerting scenario.

During a Senate defense appropriations subcommittee hearing June 11, Sen. Jack Reed, (D-RI) asked MDA Director Vice Adm. James Syring how vulnerable are the communications links between radar, satellites and other sensors to cyber attacks.

“How vulnerable are those external sources to cyber attack so that someone contemplating a launch would first conduct a cyber-interruption of your guidance systems?” Reed asked.

“Sir, we’ve looked at that. I’d like to take that to a classified session,”Syring said.

“It’s a serious concern?”

Reed asked.“Yes, sir,” Syring replied.

Syring’s words are alarming, Earlier, Lt. Gen. David Mann, commander of the Army Space and Missile Defense Command, confirmed the possibility of a cyber attack:

“wha“t we’re looking at internally is in terms of cyber and what can we do to make sure that we, first, identify vulnerabilities, but also put in place our ability to put up that shield, that wall” against cyber attacks.” Mann said.

Countries like Russia and China are considered the principal threats for US industries, including Defense. In February US Intelligence officials announced that foreign spying are the No. 2 danger facing the country, cyber espionage conducted by State-sponsored hacking could give to the attacker a strategic advantage also in the hacking of military systems like missile defenses.

Mann also explained that  US Defense is aware that foreign governments are conducting many campaign to find a hole within the security of strategic offensive ballistic missiles.

“We’re looking at that very, very hard, a lot of red-teaming going on,” “And I think you know that there’s a lot of countries out there that are continuously, on a daily basis, trying to access different networks.” Mann added.

To respond cyber threats that are even more sophisticated the US Defense must continuously audit its infrastructures and system to find potential flaw and harden the environment.

Mann added that “we’re continuously looking at our different architectures and what needs to be done to harden them against cyber, because I think that’s — quite frankly, that’s the biggest threat that we have right now to our systems, is the impact of cyber.”

The menace to defense networks is not a new issue, the economic crisis and cuts to the budget for the Defense led experts fearing the Department of Defense’s computer networks may be more exposed to the risk of a major cyber attack.

In 2008, attackers successfully breached the U.S. Central Command in Afghanistan with an infected flash drive as an attack vector, in that circumstance The Pentagon has not disclosed information on the nature and the volume of the stolen data.

In 2011, “In a single intrusion this March, 24,000 files were taken,” former Deputy Defense Secretary William J. Lynn III said in a speech in July 2011.

The above cases are just a few examples of targeted attacks, in the majority of cases bad actors target employees of a defense contractor to collect sensitive information, a consolidated strategy adopted by almost every ATP.

Pierluigi Paganini

(Security Affairs –  missile defenses , US Military)0