
US ballistic missile systems have very poor cyber-security - kushti
https://www.zdnet.com/article/us-ballistic-missile-systems-have-very-poor-cyber-security/
======
Someone1234
The US military really needs a major upgrade in terms of its THINKING about
internet security.

I've spoken to the military trained "cyber warriors" at conferences and it was
unsettling. They simply had a worse grasp than some pre-college kids I've met
who dabble in security between high school classes.

There's a lot of veneer there and not a whole lot of substance. It is like
they're trained to be the world's best script kiddies (e.g. they run provided
tools in a given order and expect a predetermined result, they don't REALLY
grasp the underlying concepts at a low level).

Now I will say the NSA has some really sharp cookies, and I'm sure some other
DoD departments do too. But the people at the top seem to think "cyber" war
can be mapped to normal war, and train accordingly. That's a fool's errand.

Hopefully they get it together, but in terms of DoD's own internal politics it
seems like a long road with the computer illiterate grey hairs at the top.

~~~
txcwpalpha
At my previous security consulting firm, the leadership team kicked off a
_massive_ hiring effort of DoD veterans, driven by the idea that "cyber
warfare is similar to real warfare, so veterans are a natural fit for
cybersecurity jobs". Blech.

Based on my experience working with those ex-DoD folks, I echo your sentiment.
Anyone who was known to be a part of the veteran hiring initiative became a
black sheep among the other rank-and-file at my company, because everyone knew
that the DoD folks could hardly do anything more complex than follow a
5-step "how to install metasploit" guide without having their hand held (and
even then...). They also had very little familiarity with basic security tools
like MFA, IDS, IDM software (which makes sense after reading the article).

The worst part still was that they were very cocky about their abilities. I
heard way too many times about how "I have experience with 'real war' at the
pentagon, I know what I'm talking about", when in reality they certainly did
not. If the actual DoD is anything like their ex-infosec employees that I
worked with, I can only imagine that this article is just the tip of the
iceberg.

------
jamieson-becker
_IT administrators failed to install an intrusion detection and prevention
system --also known as an antivirus or security product._

The conflation of two totally different categories of products decreases the
credibility of the entire article.

With that said, the subject matter is tragic.. almost terrifying. Did we learn
nothing from stuxnet?

------
tabtab
If WW3 ever starts, nobody will really know what works and what's been hacked.
We used to have M.A.D., now we have M.A.H: Mutually assured hacked. WW2
weapons may be the only ones that still work.

~~~
stcredzero
More like Lackadaisically Uncertain Disarray.

------
knolax
Direct Link to DOD Report:
[https://media.defense.gov/2018/Dec/14/2002072642/-1/-1/1/DOD...](https://media.defense.gov/2018/Dec/14/2002072642/-1/-1/1/DODIG-2019-034.PDF)

~~~
bitminer
"...the vulnerability was initially identified in 1990..."

STIG scans are automated and the basis for identifying a finding is sometimes
a lot different from the name. You have to decode the scanner's script and
compare the description with the code. In this case it is likely a "medium"
finding that an email service is running and may be a risk. "May" and not
"is". It requires a manual evaluation to confirm.

My favorite is the vulnerability identified as [redacted] which merely
identifies the operating system as Windows. It is a High severity.

~~~
siffland
I have to run STIGs all the time on 450+ Linux systems being a Linux Admin and
all. STIGs are a good starting point, however the word guidance is in their
acronym for a reason. Other security has to be considered.

At our facility we have a "check box" security department. The entity above us
is so concerned about STIG findings and if they are checked off the list,
other vulnerabilities are left to the wayside.

I once got in an argument about outdated embedded versions of Java in
applications we use. Some were up to 7 years old. I advised that we contact
vendors, but being a systems admin that was up to the individual application
administrators. I was told it didn't show up on scans and to shut up and color
(OK they were a little nicer to me than that, same message though).

I can see how places might be lacking in security if they have the same
mentality as here.

------
vtange
Odds are everyone's nukes are poorly secured, not just the U.S. So even if we
manage to improve security, it only takes another side to lose their nukes to
a not-so-cool-headed actor.

~~~
bhhaskin
Nukes are a different beast entirely. Quite a few of their safety systems are
physical and non-networked. The only danger is hacking delivery systems such
as subs and bombers. But that would only prevent the delivery of a nuke, and
not set them off.

~~~
siffland
As I recall it takes 2 people to physically launch an ICBM from either a
bunker or a sub (simultaneous key turns). The other delivery method is a
bomber, not sure what it takes to arm those.

~~~
cameldrv
ICBMs can also be launched through the Airborne Launch Control System, which
sends a radio signal from an aircraft to the silo. ALCS commands have a delay
and a time window of a couple of minutes I believe where they can be reversed
by the crews in the LCCs, but absent their intervention, nuclear missiles can
be hacked.

~~~
bhhaskin
I am pretty sure it still requires the silo crew to launch the missile. Or at
the very least have the missiles be in some kind of alert ready status.

* Update: Never mind, I stand corrected. You are correct. [https://en.wikipedia.org/wiki/Airborne_Launch_Control_System...](https://en.wikipedia.org/wiki/Airborne_Launch_Control_System#ICBMs_Remotely_Controlled)

~~~
cameldrv
This is a pretty interesting document, and gives quite a few hints about the
workings of the ALCS:
[https://static.e-publishing.af.mil/production/1/af_se/public...](https://static.e-publishing.af.mil/production/1/af_se/publication/afi91-117/afi91-117.pdf)

My understanding is that inside the capsule LCCs, if the ALCS sends a launch
order, if they do nothing in two minutes, the missile launches. I believe any
of the ten LCCs in the wing can abort the launch. Then there's some
arbitration procedure where another LCC can reverse this and decide to launch
after all, and then I think the wing commander's LCC can have a final override
on that. The intention is that if all of the LCCs are destroyed, the missiles
can still be launched, since there would be no one left to abort the launch,
but under normal conditions, the ALCS would not be able to launch. The
government is currently starting to build a new ALCS replacement system that
is IP based, which I think has to be about the worst idea I've ever heard of.

------
jeletonskelly
Ballistic Missile _Defense_ Systems

