
U.S. Ballistic Missile Defense Systems Fail Cybersecurity Audit - Nokinside
https://www.bleepingcomputer.com/news/security/us-ballistic-missile-defense-systems-fail-cybersecurity-audit/
======
badrabbit
Bleeping computer does not work on my mobile phone, says I'm not authorized to
view the community...

Anyways, USGOV needs a wake-up call; they run secure networks as if they're a
secure version of a corporate network. Even private sector giants like fb and
Google have moved to zero trust, whitebox network gear and U2F for everyone.
Simply not using Windows would be a great advantage to them.

Their biggest challenge imo is attracting talent that has the degrees, can get
clearance, will work for terrible pay and is morally ambiguous enough to not
mind the executive branch's administration. They really need a dedicated
agency that contracts IT work to all other government branches and can be
operated so as to attract people with passion for IT.

~~~
DKnoll
The US DoD does have 2-factor authentication. Every user (every employee of
the DoD, as well as contractors) has a CAC (Common Access Card) that they need
to log into a computer, along with a PIN. It seems in these 3 facilities that
were audited the administrators (probably outside contractors from my
understanding of IT in DoD facilities) failed to follow DoD's own guidelines
(STIGs).

EDIT: as an aside, the DoD STIGs can be fairly interesting and are very useful
references for sysadmins. Check it out -
[https://iase.disa.mil/stigs/Pages/index.aspx](https://iase.disa.mil/stigs/Pages/index.aspx)

~~~
badrabbit
Thanks a lot, didn't know about STIGs.

I knew they used smart cards for the Pentagon and DoD but wasn't sure if that
covered the rest of the secure and classified federal networks.

Even then, it looks to me like they're excellent at policy making and
paperwork but they're not innovating new solutions or solutions customized to
their needs. For example, fb runs whitebox network gear, guaranteed that won't
happen at DoD. In infosec I think agility and adoptability are very important.

------
hkr20182018
Uhhh...malicious website?

