The US Government Accountability Office (GAO) published a report finding critical vulnerabilities in US military security systems. The report found that a “red teamer” was able to crack into the US Department of Defense system and reboot it, cause popups to appear and – perhaps more dangerously – find serious security holes in the nine weapons systems programs it tested.
Sherban Naum, SVP, Corporate Strategy and Technology at Bromium:
“A vulnerability being exposed at the federal level is so much costlier than at the enterprise level. We can replace credit card records or restore customer loyalty. We can’t undo a rival nation state potentially roaming undetected inside weapons systems because there were insufficient security investments in modular, run-time security. This reflects the core challenge of legacy systems being built with Trust Decisions at Buy Time, rather than a modern approach of Trust at Run Time. Systems were designed, built and operated based on architectural and technical limitation decisions years ago, and as such, trust was decided upon contract award. A modern architecture must reflect the ability to make trust decisions at the time processes are executed, limiting trust to fine-grained execution at run time, built upon a dynamic root of trust rather than static. Software defined hardware is not a new concept, yet systems were hard-coded with a limited ability to adjust to real-time threats. It’s time for the federal government to make cybersecurity a national priority, and ensure it is treated as such during the development of systems outlined in the GAO report.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.