December 17, 2018 | International, C4ISR

Audit finds cyber vulnerabilities in US missile defense system

The Army, Navy and Missile Defense Agency are failing to take basic cybersecurity steps to ensure that information on America's ballistic missile defense system won't fall into nefarious hands, according to a Defense Department Inspector General audit released Friday.

Investigators visited five sites that manage ballistic missile defense elements and technical information, but the names of the commands were redacted in the publicly released report.

“The Army, Navy and MDA did not protect networks and systems that process, store, and transmit (missile defense) technical information from unauthorized access and use,” the declassified report states.

Such inadequacies “may allow U.S. adversaries to circumvent (missile defense) capabilities, leaving the United States vulnerable to missile attacks,” the report states.

They found officials failed to employ safeguards familiar to most people online in 2018, the latest development to raise questions about the U.S. military's cybersecurity vulnerabilities.

Among the shortcomings: Administrators for classified networks had no intrusion detection and prevention systems in place to watch for cyberattacks, much less stop them, according to the report.

At one site, officials said they had requested to purchase those cyber safeguards in December 2017, but nine months later the request still hadn't been approved.

“Without intrusion detection and prevention capabilities, (the site) cannot detect malicious attempts to access its networks and prevent cyberattacks designed to obtain unauthorized access and exfiltrate sensitive (missile defense) technical information,” the report states.

Officials also failed to patch system flaws after receiving vulnerability alerts, one of which had first been identified in 1990 and had still not been fixed by April.

Another vulnerability that could be exploited by an attacker was first identified in 2013 but also was never patched, according to the report.

“Countless cyber incident reports show that the overwhelming majority of incidents are preventable by implementing basic cyber hygiene and data safeguards, which include regularly patching known vulnerabilities,” the IG report states. “(Missile defense) technical information that is critical to national security could be compromised through cyberattacks that are designed to exploit these weaknesses.”

Some facilities failed to force employees to use common access cards, or CAC, when accessing the classified system, a basic cybersecurity practice known as multi-factor authentication.

Instead, officials were able to access the sensitive information using just a username and password, the report states.

Hackers use phishing and other tactics to exploit passwords and gain access to such systems.

New hires are supposed to be allowed network access without a card for only their first two weeks on the job. But IG investigators found users on the systems without CAC cards for up to seven years.

At one site, a domain administrator never configured the network to allow only CAC holder access.

“Allowing users to access networks using single factor authentication increases the potential that cyber attackers could exploit passwords and gain access to sensitive (missile defense) technical information,” the report states.

Investigators also found unlocked server racks at some locations, another key vulnerability to insider snoopers.

“The insider threat risk necessitates that organizations implement controls...to reduce the risk of malicious personnel manipulating a server's ability to function as intended and compromising sensitive and classified data,” the report states.

External storage devices held unencrypted data and some sites failed to track who was accessing data, and why. Other administrators told investigators that they lacked the ability to record or monitor data downloaded from the network onto these devices.

Unless these officials enforce the encryption of such removed data and monitor its downloading and transferring, “they will be at increased risk of not protecting sensitive and classified (missile defense) technical information from malicious users,” the report states.

Investigators also found that some supposedly secure sites were failing to even lock their doors. One location had a security door that hadn't worked for years.

“Although security officials were aware of the problem, they did not take appropriate actions to prevent unauthorized personnel from gaining unauthorized access to the facility,” the report states.

Other sites featured no security cameras to monitor personnel movement and security officers failed to conduct badge checks.

While the report makes recommendations to fix the documented problems, officials for the inspected agencies offered no comments on the non-classified draft report of the audit.

Friday's scathing IG audit marked the latest in a string of reports detailing shoddy cybersecurity throughout the armed forces and defense contractors.

During the same week, the Wall St. Journal reported that Chinese hackers are targeting military systems and those of defense contractors working on Navy projects.

Beijing-linked cyber raids have attempted to steal everything from missile plans to ship-maintenance data in a series of hacks over the past 18 months, the Journal reports.

As a result, Navy Secretary Richard Spencer has ordered a “comprehensive cybersecurity review” to assess if the Navy's cyber efforts “are optimally focused, organized, and resourced to prevent serious breaches,” spokesman Capt. Greg Hicks said.

The review will also look at authorities, accountability and if the efforts reflect and incorporate government and industry best practices, he said.

“Secretary Spencer's decision to direct a review reflects the seriousness to which the DoN prioritizes cybersecurity in this era of renewed great power competition,” Hicks said.

https://www.navytimes.com/news/your-navy/2018/12/14/audit-finds-cyber-vulnerabilities-in-us-missile-defense-system
