Wednesday, October 10, 2018

Building Hackable Weapons

There is a new GAO report that shocked me.  It says the Feds have been looking at security of weapons systems and finding them susceptible to hacking.

I was up at Hanscom Air Force Base 20 years ago watching some tests of one our weapon systems and feeling pretty good about the outcome, but they told us some stories about some that did not do so well.   Hanscom was testing for cyber vulnerabilities and interoperability at the same time.  It was prudent that they be tested.  We were concerned about hacking of our weapons and tried to build in the kinds of safeguards that would make them operate in some hacker intensive areas of the world, or against the best of Russian attacks by their military.  These days, there is no excuse for not considering security for weapons that will operate against the Russians and Chinese who have already hacked about everything, including the designs of some of these platforms.

We have to blame this on defense contractors and government agencies that develop requirements for these systems.  Defense contractors cannot be that stupid, even if the government officers are.  They know the environment these platforms have to operate in.  They are the ones touting their defenses against a range of threats that are common in those kind of environments.  They have customers who are not US and they must know these countries care about their cyber security more than the US does, especially those near Russia and China.  Building a weapons system for use in a Baltic state and not considering the security of its electronic components is pure malpractice.  There is no excuse for it.

The government for its part has not done well at establishing requirements for systems like the ones the Air Force had in those days.  That too is malpractice.  Make them test and evaluate those weapons before they can be fielded.

Both defense contractors and government reps for these expensive systems get the usual award for their behavior ; STUPID.  The Secretary should be kicking some ass over this.

You can access this blog directly after Google + goes away:

https://dennispoindexter.blogspot.com/

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)