Nearly every US arms programme found vulnerable to cyber attacks

A F-35A Lightning II Joint Strike Fighter. Former US intelligence contractor Edward Snowden says China had stolen "many terabytes" of data about the Lockheed Martin Corp F-35 fighter jet. -- PHOTO: REUTERS
A F-35A Lightning II Joint Strike Fighter. Former US intelligence contractor Edward Snowden says China had stolen "many terabytes" of data about the Lockheed Martin Corp F-35 fighter jet. -- PHOTO: REUTERS

WASHINGTON (REUTERS) - Nearly every US weapons programme tested in fiscal 2014 showed "significant vulnerabilities" to cyber attacks, including misconfigured, unpatched and outdated software, the Pentagon's chief weapons tester said in his annual report released Tuesday.

Mr Michael Gilmore, director of operational test and evaluation (DOT&E), said programme managers had worked to resolve problems discovered in previous years and security was improving, but this year's testing had revealed new vulnerabilities.

"Cyber adversaries have become as serious a threat to US military forces as the air, land, sea and undersea threats represented in operational testing for decades," Mr Gilmore wrote in the 366-page report.

"The continued development of advanced cyber intrusion techniques makes it likely that determined cyber adversaries can acquire a foothold in most (Department of Defence) networks, and could be in a position to degrade important DOD missions when and if they chose to," he wrote.

The report comes amid growing attention to cybersecurity within the US government, and was released days after fresh documents leaked by former US intelligence contractor Edward Snowden said China had stolen "many terabytes" of data about the Lockheed Martin Corp F-35 fighter jet.

The Pentagon's F-35 programme office said classified data about the new warplane remained secure.

The report said tests of more than 40 weapons revealed problems with cybersecurity, and US troops needed to learn to"fight through" cyber attacks, just as they do now with conventional attacks.

Mr Gilmore said it was troubling that many issues found during operational testing could have been addressed when programs were still in development, and also cited numerous violations of Pentagon password policies.

Even novice techniques had allowed testers to penetrate networks, the report said.

Mr Gilmore said it was critical to follow up cyber testing of weapons with an "adversarial assessment," in which officials pose as enemies and try to hack into systems. He said the US military also had a critical shortfall of cyber personnel.

Cyber testing had grown more realistic, but current cyber ranges needed to be expanded, the report said. It said the office had worked with military officials to develop "cyber playbooks" and battle drills that allow network "defenders" to practice techniques and tactics.

Elsewhere in the report, Mr Gilmore cited specific cybersecurity problems with the US Army's Warfighter Information Network - Tactical built by General Dynamics Corp, the Navy's joint high-speed vessel, built by Australia's Austal, as well as the Freedom class of littoral combat ship built by Lockheed.

Join ST's Telegram channel and get the latest breaking news delivered to you.