A partially redacted report from the U.S. Department of Defense is making waves as it shows issues with the country’s ballistic missile defense system. The report, Security Controls at DoD Facilities for Protecting Ballistic Missile Defense System Technical Information, was released Dec. 10 and shows in its 44 pages how flawed certain security controls are with regards to the essential national defense system. The report itself was written due to “a congressional requirement to audit the controls in place to protect BMDS technical information, whether managed by cleared Defense contractors, or by the Government.”
The report, though containing numerous areas of redacting, does not paint a flattering picture of how the Department of Defense handled the security controls behind its ballistic missile defense system. “Systematic weaknesses” discovered during the audit included failure on the part of network administrators and datacenter managers to “require the use of multifactor authentication to access BMDS technical information.” Network administrators and datacenter managers also failed to mitigate network vulnerabilities at three of the five components visited by auditors, lock server racks, take active measures to protect classified data on removable media at redacted locations, employ proper encryption when BMDS technical data was transferred to classified areas, and “implement intrusion detection capabilities” on specific classified networks.
What is frustrating about reading through the lengthy report is how many issues are a result of ignoring key security measures. The individuals in charge of hiring at the Department of Defense should be embarrassed at how poorly they selected candidates for these positions. Anyone in an administrative role that involves overseeing the BMDS should be relieved of their position. This extreme course of action is justifiable in my eyes as the U.S. ballistic missile defense system is the country’s essential line of defense in the case of short to intermediate-range ballistic missiles being launched at U.S. targets. With the obscene amount of money that gets poured into the defense budget, one would think that the U.S. would be able to properly monitor key systems.
Featured image: U.S. Navy