3/19/2006

Security flaws could cripple missile defense network

Filed under: — By Aviran Mordo @ 9:29 pm

The network that stitches together radars, missile launch sites and command control centers for the Missile Defense Agency (MDA) ground-based defense system has such serious security flaws that the agency and its contractor, Boeing, may not be able to prevent misuse of the system, according to a Defense Department Inspector General鈥檚 report.

The report, released late last month, said MDA and Boeing allowed the use of group passwords on the unencrypted portion of MDA鈥檚 Ground-based Midcourse Defense (GMD) communications network.

The report said that neither MDA nor Boeing officials saw the need to install a system to conduct automated log audits on unencrypted communications and monitoring systems. Even though current DOD policies require such automated network monitoring, such a requirement 鈥渨as not in the contract.”

The network, which was also developed to conform to more than 20-year-old DOD security policies rather than more recent guidelines, lacks a comprehensive user account management process, the report said. Neither MDA nor Boeing conducted required Information Assurance (IA) training for users before they were granted access to the network, the report stated.

Because of this poor information security, the DOD IG report said, MDA and Boeing officials 鈥渕ay not be able to reduce the risk and magnitude of harm resulting from misuse or unauthorized access or modification of information [on the network] and ensure the continuity of the system in the event of an interruption.鈥?

Source: fcw.com

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress