The Navy’s Software Is RIDDLED With Vulnerabilities, And There’s Nothing It Can Do
The Navy is in a bind.
At this point, the service has identified all major cyber vulnerabilities affecting existing systems, and there’s simply not enough money in the budget to fix all the holes.
There are around 500 of these vulnerabilities deeply embedded in Navy systems, Federal News Radio reports. An annual audit from the Office of the Director, Operational Test and Evaluation released at the end of January, found ridiculously weak passwords, old and outdated software, and network functions unnecessarily left on in all branches of the military. Entire platforms, like the Navy’s Joint High Speed Vessel and the Freedom class of Littoral Combat Ship, were determined to be vulnerable to attack.
According to Michael Gilmore, director of operational test and evaluation, “What constitutes adequate operational testing under realistic combat conditions is determined not by fiscal constraints, but by our war plans and the threats we face — the enemy (always) gets a vote,” Gilmore wrote. “It would therefore, be … a disservice to the men and women we send into combat to make arbitrary budget-driven reductions to either developmental or operational testing.”
Matthew Swartz, leader of Task Force Cyber Awakening (TFCA), stated last week that it would take approximately $8 billion to cover each vulnerability, and since the funds simply don’t exist to cover that amount, the focus remains on how to prioritize which threats present the greatest risk.
One thing the service has going for it, despite the fact that it’s comprehensive cyber security investigation is only a few months in, the Navy thinks that it has at least identified all the vulnerabilities. Now comes the dirty work of triage.
“If I want to address it vulnerability-by-vulnerability, it’s unexecutable because of the nature of the Navy, and it’s also unaffordable because nobody can possibly reprogram that much money,” Swartz said at a Navy IT conference in San Diego. “So we’re going to have to prioritize, and we’re doing it based on consequence. We’re going to do what we need to preserve the capability to prosecute the fight, and understand that there are some consequences that we can’t accept. As we define the things we can’t accept, we can build in layered defenses to make sure we don’t have to. Right now, that’s how we’re prioritizing.”
This year’s proposed Navy budget includes $300 million to support the 100-man TFCA team and other cyber security projects in the works. In total, the Navy’s 2016 budget of $160.9 billion dollars is $10 billion higher than last year’s, with most of the funds heading to modernizing the force (shipbuilding and research).
The biggest problem for the Navy is the protection of sensitive information stored outside the network on contractors’ computers in academia and other research centers, according to Signal Media.
One main improvement so far is that new systems purchased by the Navy now have to pass a set of “Cybersafe” standards, although those standards haven’t yet been released.
Still, the Navy (and Department of Defense) have a lot of catching up to do in cyberspace.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact firstname.lastname@example.org.
We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse. Read More