Germany establishes new military space command

On the same subject

• 

  April 13, 2021 | International, Aerospace, Naval, Land, C4ISR, Security

  Contracts for April 12, 2021

  Today

• 

  December 17, 2018 | International, C4ISR

  Audit finds cyber vulnerabilities in US missile defense system

  By: Geoff Ziezulewicz The Army, Navy and Missile Defense Agency are failing to take basic cybersecurity steps to ensure that information on America's ballistic missile defense system won't fall into nefarious hands, according to a Defense Department Inspector General audit released Friday. Investigators visited five sites that manage ballistic missile defense elements and technical information, but the names of the commands were redacted in the publicly released report. “The Army, Navy and MDA did not protect networks and systems that process, store, and transmit (missile defense) technical information from unauthorized access and use,” the declassified report states. Such inadequacies “may allow U.S. adversaries to circumvent (missile defense) capabilities, leaving the United States vulnerable to missile attacks,” the report states. They found officials failed to employ safeguards familiar to most people online in 2018, the latest development to raise questions about the U.S. military's cybersecurity vulnerabilities. Among the shortcomings: Administrators for classified networks had no intrusion detection and prevention systems in place to watch for cyberattacks, much less stop them, according to the report. At one site, officials said they had requested to purchase those cyber safeguards in December 2017 but nine months later it still hadn't been approved. “Without intrusion detection and prevention capabilities, (the site) cannot detect malicious attempts to access its networks and prevent cyberattacks designed to obtain unauthorized access and exfiltrate sensitive (missile defense) technical information,” the report states. Officials also failed to patch system flaws after receiving vulnerability alerts, one of which had first been identified in 1990 and had still not been fixed by April. Another vulnerability that could be exploited by an attacker was first identified in 2013 but also was never pathced, according to the report. “Countless cyber incident reports show that the overwhelming majority of incidents are preventable by implementing basic cyber hygiene and data safeguards, which include regularly patching known vulnerabilities,” the IG report states. “(Missile defense) technical information that is critical to national security could be compromised through cyberattacks that are designed to exploit these weaknesses.” Some facilities failed to force employees to use common access cards, or CAC, when accessing the classified system, a basic cybersecurity practice known as multi-factor identification. Instead, officials were able to access the sensitive information using just a username and password, the report states. Hackers use phishing and other tactics to exploit passwords and gain access to such systems. New hires are supposed to be allowed network access without a card for only their first two weeks on the job. But IG investigators found users on the systems without CAC cards for up to seven years. At one site, a domain administrator never configured the network to allow only CAC holder access. “Allowing users to access networks using single factor authentication increases the potential that cyber attackers could exploit passwords and gain access to sensitive (missile defense) technical information,” the report states. Investigators also found unlocked server racks at some locations, another key vulnerability to insider snoopers. “The insider threat risk necessitates that organizations implement controls...to reduce the risk of malicious personnel manipulating a server's ability to function as intended and compromising sensitive and classified data,” the report states. External storage devices held unencrypted data and some sites failed to track who was accessing data, and why. Other administrators told investigators that they lacked the ability to record or monitor data downloaded from the network onto these devices. Unless these officials enforce the encryption of such removed data and monitor its downloading and transferring, “they will be at increased risk of not protecting sensitive and classified (missile defense) technical information from malicious users,” the report states. Investigators also found that some supposedly secure sites were failing to even lock their doors. One location had a security door that hadn't worked for years. “Although security officials were aware of the problem, they did not take appropriate actions to prevent unauthorized personnel from gaining unauthorized access to the facility,” the report states. Other sites featured no security cameras to monitor personnel movement and security officers failed to conduct badge checks. While the report makes recommendations to fix the documented problems, officials for the inspected agencies offered no comments on the non-classified draft report of the audit. Friday's scathing IG audit marked the latest in a string of reports detailing shoddy cybersecurity throughout the armed forces and defense contractors. During the same week, the Wall St. Journal reported that Chinese hackers are targeting military systems and those of defense contractors working on Navy projects. Beijing-linked cyber raids have attempted to steal everything from missile plans to ship-maintenance data in a series of hacks over the past 18 months, the Journal reports. As a result, Navy Secretary Richard Spencer has ordered a “comprehensive cybersecurity review” to assess if the Navy's cyber efforts “are optimally focused, organized, and resourced to prevent serious breaches,” spokesman Capt. Greg Hicks said. The review will also look at authorities, accountability and if the efforts reflect and incorporate government and industry best practices, he said. “Secretary Spencer's decision to direct a review reflects the serious to which the DoN prioritizes cybersecurity in this era of renewed great power competition,” Hicks said. https://www.navytimes.com/news/your-navy/2018/12/14/audit-finds-cyber-vulnerabilities-in-us-missile-defense-system

• 

  June 3, 2020 | International, Aerospace, Naval, Land, C4ISR, Security

  Pentagon taps $688 million in coronavirus aid for defense industry

  By: Joe Gould WASHINGTON ― The Pentagon plans to spend hundreds of millions of dollars in coronavirus relief funding to support vulnerable manufacturers of submarine torpedo tubes, aircraft engine parts and hardened microelectronics that were hit by closures or other effects of the COVID-19 pandemic. The $688 million defense-industrial base fund is just one category within the $10.5 billion the Department of Defense received from Congress' $2.1 trillion CARES Act package. The department submitted its 54-page spending plan to Congress on Friday amid pressure from lawmakers after DoD had spent only 23 percent of that money weeks after it was signed into law in late March. The Pentagon has thus far obligated $167 million of the $1 billion Congress granted under the Defense Production Act, a Korean War-era law that the president recently invoked, to have industry produce key items such as N95 respirator masks and swabs needed for coronavirus testing, ventilators and other items. Under the same law, the Pentagon's spending plan says it would use $688 million to address impacts to the defense-industrial base caused by COVID-19, "by directly offsetting financial distress in the DIB and providing investments to regions most severely impacted to sustain essential domestic industrial base capabilities and spur local job creation.” The plan calls for $171 million for the aircraft propulsion industrial base; $150 million for shipbuilding and submarine launch tubes; $150 million for the space launch industrial base; $80 million for the microelectronics base; $62 million for body armor suppliers; and $40 million for high-temperature materials used in hypersonic weapons. The priorities likely overlap with vulnerable industrial base areas previously identified by the Pentagon's assessment last year, said Wesley Hallman, the National Defense Industrial Association's senior vice president of strategy and policy . “It makes sense given what's going on now economically to ― under the [coronavirus aid] legislation ― reinforce some of the critical vulnerabilities that were identified in that report,” Hallman said. The Pentagon plans $171 million to sustain and preserve the aircraft propulsion industrial base, as many military aviation suppliers have been hard hit from the commercial side by coronavirus travel restrictions. Some would preserve an "essential workforce through support to sustained operations at key repair facility and stabilizing sub-vendors essential to a healthy propulsion industrial base,” according to the department. What that means is the DoD may have to absorb some of suppliers' overhead costs to keep vital suppliers in business, said Teal Group aviation analyst Richard Aboulafia. “Commercial aviation is in the worst crisis it's ever faced, and aviation propulsion aftermarket is the single part of the industry most hit by COVID-19,” Aboulafia said. “It could be [that] if there's a part like a combustor, DoD could be saying: ‘What do you need by way of guaranteed orders to keep that line open?' ” The department, which relies on a vulnerable network of suppliers for parts for the venerable TF33 engine, hopes to “support initiatives to certify and approve new parts sources for” the engine and “catalyze the sub-tier vendor base and mitigate risk of sub-tier vendors exiting the propulsion business.” Pratt & Whitney hasn't made the TF33 in more than 40 years, but it's still used by the B-52 bomber, and no replacement is due for years. The DoD also planned $150 million for the shipbuilding industrial base in areas such as castings, forgings and submarine launch equipment, as well as to support continuous production of essential components such as missile tubes. (Shipbuilding overall has contracted over the last decade, and there were only four suppliers with the capability to manufacture large, complex, single-pour aluminum and magnesium sand castings, according to the DoD's 2019 industrial capabilities report to Congress.) The CEO of Virginia-based military contractor BWXT, Rex Geveden, said on an earnings call last year that the company ― which makes missile tubes for the Columbia-class submarine ― was mulling an exit from the missile tube business. The Navy and its Naval Sea Systems Command, he said, were seeking more than one supplier, adding: “We're not interested in the future orders unless we do have a way to make money on these orders.” The DoD planned another $150 million to maintain a competitive space launch industrial base. DoD relies on a small pool of companies to launch satellites into orbit, but there are numerous companies of all sizes that support those launches, and the DoD has sought to reintroduce more competition over the enterprise in recent years. The department would also spend $80 million to support several critical suppliers of radiation-hardened microelectronics ― products vital to DoD but with limited commercial applications. The funding would “protect the domestic capacity to ensure radiation hardened microelectronics testing capability, and key subcompacts such as substrates and wafer, are available for DoD weapon systems," according to the spending plan. The $40 million would protect suppliers of high-temperature materials used in potentially game-changing hypersonic weapons. “An expanded, sustainable domestic production capability for hypersonic systems is essential to the Department achieving its modernization priorities,” the plan states. https://www.defensenews.com/congress/2020/06/02/688m-in-covid-aid-helping-defense-firms-per-dod-plan/