Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Flaws Could Cripple Defense Network

Posted by ryuzaki0 on from the good-enough-for-government-work dept.

userexec wrote to mention an FCW.com article about the uninspiring future for the Missile Defense System's software. The developers are apparently very worried about poor information security on the project. From the article: "The report said that neither MDA nor Boeing officials saw the need to install a system to conduct automated log audits on unencrypted communications and monitoring systems. Even though current DOD policies require such automated network monitoring, such a requirement 'was not in the contract.' The network, which was also developed to conform to more than 20-year-old DOD security policies rather than more recent guidelines, lacks a comprehensive user account management process, the report said. Neither MDA nor Boeing conducted required Information Assurance (IA) training for users before they were granted access to the network, the report stated. "

11 of 137 comments (clear)

  1. I am not suprised! by bogaboga · · Score: 3, Insightful
    > Security Flaws Could Cripple Defense Network...

    This does not suprise me at all, after all, we as Americans are quickly proving that we're becoming the bastion of incompetence. From NASA,

    to the war in IRAQ,

    irregularities in elections,

    collapsing health care system,

    cronyism in government,

    out-sourcing out of hand,

    the massive trade deficit,

    the fact that communist China, Japan and the UK now help us with our balance of payments,

    failing education system,

    Katrina,....one wonders whether we as a nation can ever do anything right.

    Question is: Is there eanything really?

    1. Re:I am not suprised! by Anonymous Coward · · Score: 1, Insightful

      I think that the greatest sign of US incompetence is the fact that we tricked ourselves into believing that Iraq was a failure and that we are evil for our successes. If our successes are failures, and perfection is our only satisfying goal, we will never succeed again. Thank you for guaranteeing our failure.

      Completely invading and occupying a nation the size of California with a 25m+ population and suffering fewer than 3000 casualties after three years is a failure? A foreign inspired (Syria and Iran, and former loyalists) insurgency was a given. Hell, spending all of htat time pandering to the UN gave them plenty of time to set up. Even with this insurgency the new Iraq army is finally beginning to form and leading many fights against the insurgency. Things take time.

      I'm sorry if perfection was not accomplished. I'm sorry if we didn't do this fast enough for you. But take a look at last weeks campaign, Operation Swarmer. The Iraqis mostly led this. None of our gun ships had to open fire and there were 0 casualties. This was into an area where we were losing soldiers last year.

      You and your ilk do our armed services a great disfavor calling Iraq a failure. It was nothing short of brilliant, despite people like you, the UN, and all these wonderful progressive leftists who opposed the administration at every single opportunity. If anyone is to blame, people like that are.

  2. Not too surprising... by __aaclcg7560 · · Score: 2, Insightful

    How many more $500 USD toliet seats does the taxpayers have to buy before Boeing upgrades their network?

  3. Crapola by N8F8 · · Score: 2, Insightful

    No matter what you do to design a system there will always be some hack who comes along to crap on your project. Just because you think you know better doesn't make it true. It certainly doesn't help that sites like this one jump on every little aberrant report like a pack of jackals.

    --
    "God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
  4. better head lines by iggy_mon · · Score: 3, Insightful


    Security Flaws Could Cripple Defense Network
    Drunk Driving Could Be Dangerous
    Microsoft Goes Head-to-Head With IBM
    Mixing Household Chemicals Could Be Dangerous

    notice a pattern? none of these headliness says or means anything. they border between "no $hit" and "duh".

    instead of that say-nothing giberish how about "group passwords threaten MDA's communications network"? see, now the head line says something.

    ps, not to be a jerk, just to point out an area where slashdot can be better than the rest.

    --
    --iggy_mon - www.ananonymouskiller.com - Die Trying -
  5. Would you like to play a game? by MECC · · Score: 2, Insightful


    How about Global Thermonuclear war?

    --
    "We are all geniuses when we dream"
    - E.M. Cioran
  6. It's always a waste of money, until it works... by Anonymous Coward · · Score: 2, Insightful

    The only reason the program exists at all is to hand out taxpayer money to campaign contributors.

    And the thousands of American scientists, engineers, technicians and support staff that design and work on these systems. Based on comments like this, you'd think that the government is stuffing shells full of cash and launching them at the enemy. Where do you think these "weapon systems" are designed and built?

    Maybe my perspective is skewed. The only job offers (early career engineer) I was able to secure (in a timely manner) were from "big aerospace." If they were not "wasting taxpayer money" on large, risky (read: cutting-edge) R&D technologies, I'd be out of a really interesting, fulfilling job. And unfortunately, until some "other" interesting R&D area (energy would be a good one) is as big a target in the crosshairs of national/international interest, or until I have enough experience to start my own company, I am pretty happy working in the defense industry.

  7. for the people jumping on the contractors by Anonymous Coward · · Score: 3, Insightful

    if its not in the contract, it is fraud for a government contractor to implement an extra feature or add-on to the system because the govt has to pay for the extra expenses (software developers' hours, testing, etc) incurred to make those improvements.

    so if the security is bad, and it wasnt in the contract, the only people who can begin to address this are actually the purchasing organization, not the developers. the purchaser **needs** to add these stipulations in the contract or else the contractor legally is not allowed to work on fixing it.

  8. Re:Not Surprised by Aragorn379 · · Score: 2, Insightful

    Contract companies love to say "that's not in the contract, but we'd be happy to renegotiate and do it for $x."

    And for good reason. Same reason that when you order a Dodge Neon they don't ship you a Dodge Viper. The contract is what is specifying what the government is buying. Change what the government is buying to enhance it and it's not really surprising that they want more money to produce it. Taking the least expensive option is usually the right option for the company even if it isn't in the system. It also doesn't surprise me in the least. The government really should have some boilerplate in their contracts saying system much follow established DoD security procedures as specified in DoD Standard Security Policies v10.43 or something along those lines.

  9. Re:Another Contractor cutting corners by Anonymous Coward · · Score: 1, Insightful
    That document is from Feb 03. Do you think the GMD contract MAY be a little older than it?

    And whats your company going to do? Really only Boeing, Lockheed Martin and Northrop Grumman are big enough to handle the prime contract.

  10. Re:I am not surprised! by Anonymous Coward · · Score: 1, Insightful
    The foundational requirements of any society is conformance to some agreed minimal ethical and moral standards.
    Standards are of course the first sacrifices of a multi-culturalist state.