Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Flaws Could Cripple Defense Network

Posted by ryuzaki0 on from the good-enough-for-government-work dept.

userexec wrote to mention an FCW.com article about the uninspiring future for the Missile Defense System's software. The developers are apparently very worried about poor information security on the project. From the article: "The report said that neither MDA nor Boeing officials saw the need to install a system to conduct automated log audits on unencrypted communications and monitoring systems. Even though current DOD policies require such automated network monitoring, such a requirement 'was not in the contract.' The network, which was also developed to conform to more than 20-year-old DOD security policies rather than more recent guidelines, lacks a comprehensive user account management process, the report said. Neither MDA nor Boeing conducted required Information Assurance (IA) training for users before they were granted access to the network, the report stated. "

3 of 137 comments (clear)

  1. I am not suprised! by bogaboga · · Score: 3, Insightful
    > Security Flaws Could Cripple Defense Network...

    This does not suprise me at all, after all, we as Americans are quickly proving that we're becoming the bastion of incompetence. From NASA,

    to the war in IRAQ,

    irregularities in elections,

    collapsing health care system,

    cronyism in government,

    out-sourcing out of hand,

    the massive trade deficit,

    the fact that communist China, Japan and the UK now help us with our balance of payments,

    failing education system,

    Katrina,....one wonders whether we as a nation can ever do anything right.

    Question is: Is there eanything really?

  2. better head lines by iggy_mon · · Score: 3, Insightful


    Security Flaws Could Cripple Defense Network
    Drunk Driving Could Be Dangerous
    Microsoft Goes Head-to-Head With IBM
    Mixing Household Chemicals Could Be Dangerous

    notice a pattern? none of these headliness says or means anything. they border between "no $hit" and "duh".

    instead of that say-nothing giberish how about "group passwords threaten MDA's communications network"? see, now the head line says something.

    ps, not to be a jerk, just to point out an area where slashdot can be better than the rest.

    --
    --iggy_mon - www.ananonymouskiller.com - Die Trying -
  3. for the people jumping on the contractors by Anonymous Coward · · Score: 3, Insightful

    if its not in the contract, it is fraud for a government contractor to implement an extra feature or add-on to the system because the govt has to pay for the extra expenses (software developers' hours, testing, etc) incurred to make those improvements.

    so if the security is bad, and it wasnt in the contract, the only people who can begin to address this are actually the purchasing organization, not the developers. the purchaser **needs** to add these stipulations in the contract or else the contractor legally is not allowed to work on fixing it.