Slashdot Mirror


Security Flaws Could Cripple Defense Network

userexec wrote to mention an FCW.com article about the uninspiring future for the Missile Defense System's software. The developers are apparently very worried about poor information security on the project. From the article: "The report said that neither MDA nor Boeing officials saw the need to install a system to conduct automated log audits on unencrypted communications and monitoring systems. Even though current DOD policies require such automated network monitoring, such a requirement 'was not in the contract.' The network, which was also developed to conform to more than 20-year-old DOD security policies rather than more recent guidelines, lacks a comprehensive user account management process, the report said. Neither MDA nor Boeing conducted required Information Assurance (IA) training for users before they were granted access to the network, the report stated."

17 of 137 comments

  1. Let me take a guess.... by simp · · Score: 5, Funny

    The subcontractor they hired to do the programming was called Diebold?

  2. And sooner or later... by Tuxedo+Jack · · Score: 4, Funny

    We'll no doubt see "All your missile base are belong to us" written on the system's password file.

    --

    Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
    1. Re:And sooner or later... by moon-monster · · Score: 3, Funny

      Or across the sky in big, fiery letters?

      --
      "Pokey, are you drunk on love?" "Yes. Also whiskey. But mostly love... and whiskey."
  3. Idea by KenDodd · · Score: 5, Funny

    Why not contract an Indian company to write it? Or make it a Sourceforge project. That always seems to generate high-calibre, error-free code.

    --
    Did you know my dad's dog died?
  4. I am not surprised! by bogaboga · · Score: 3, Insightful
    > Security Flaws Could Cripple Defense Network...

    This does not surprise me at all, after all, we as Americans are quickly proving that we're becoming the bastion of incompetence. From NASA,

    to the war in IRAQ,

    irregularities in elections,

    collapsing health care system,

    cronyism in government,

    out-sourcing out of hand,

    the massive trade deficit,

    the fact that communist China, Japan and the UK now help us with our balance of payments,

    failing education system,

    Katrina,....one wonders whether we as a nation can ever do anything right.

    Question is: Is there anything really?

    1. Re:I am not surprised! by rolfwind · · Score: 4, Informative

      You forgot over $8 TRILLION in public debt - $30,000 for EVERY man, woman, and child in the US.

    2. Re:I am not surprised! by KenDodd · · Score: 3, Funny

      Hey man, don't forget our failure to win the men's 1500m speed skating gold in Turin!

      --
      Did you know my dad's dog died?
    3. Re:I am not surprised! by thatguywhoiam · · Score: 3, Funny
      You can count on the same anti-American slashbotism to get modded to 5, adding nothing, really, to the conversation.

      psst, hey buddy: check the location bar in your browser, what's that first word after http?

      --
      If Jesus wants me it knows where to find me.
  5. Oh, no, does this mean... by Jim+in+Buffalo · · Score: 3, Funny

    Does this mean the big fat trackball might not respond? Who's going to defend those six cities?

    --
    This sig, aah-ah, is comin' like a ghost-sig...
  6. Not to worry... by ipsuid · · Score: 4, Funny

    We'll just make talking about DOD security flaws illegal in Patriot Act 3 and then nobody will know.

    --
    It appears Ockham lost his razor and grew a beard.
  7. better head lines by iggy_mon · · Score: 3, Insightful


    Security Flaws Could Cripple Defense Network
    Drunk Driving Could Be Dangerous
    Microsoft Goes Head-to-Head With IBM
    Mixing Household Chemicals Could Be Dangerous

    notice a pattern? none of these headlines says or means anything. they border between "no $hit" and "duh".

    instead of that say-nothing gibberish how about "group passwords threaten MDA's communications network"? see, now the head line says something.

    ps, not to be a jerk, just to point out an area where slashdot can be better than the rest.

    --
    --iggy_mon - www.ananonymouskiller.com - Die Trying -
  8. Not Surprised by musicon · · Score: 3, Interesting

    I'm not surprised in the slightest by the "revelation" in this FA.

    • For profit companies will always take the quickest, least expensive option available (in that order), even if it's not the correct decision.
    • Contract companies love to say "that's not in the contract, but we'd be happy to renegotiate and do it for $x."
  9. for the people jumping on the contractors by Anonymous Coward · · Score: 3, Insightful

    if it's not in the contract, it is fraud for a government contractor to implement an extra feature or add-on to the system because the govt has to pay for the extra expenses (software developers' hours, testing, etc) incurred to make those improvements.

    so if the security is bad, and it wasn't in the contract, the only people who can begin to address this are actually the purchasing organization, not the developers. the purchaser **needs** to add these stipulations in the contract or else the contractor legally is not allowed to work on fixing it.

  10. Re:It's always a waste of money, until it works... by prurientknave · · Score: 3, Interesting

    No reason to get defensive from profiting a little bit from pork barrel politics. Everyone else is doing it, might as well get a piece of it while the getting is good. When I was working at Parsons you should've seen the number of billable hours that were being pushed on the MTA for a terrorism vulnerability audit for what amounted to reading, highlighting and summarizing their existing procedures.

  11. Report's been pulled by Gyorg_Lavode · · Score: 3, Interesting

    Anyone realize that the report was pulled off the IG's website? It was 06-53 according to Google. Now it's gone.

    --
    I do security
  12. IA Training, Air Force Style by Saeed+al-Sahaf · · Score: 3, Informative
    > Neither MDA nor Boeing conducted required Information Assurance (IA) training for users before they were granted access to the network, the report stated.

    Having been involved with the Air Force since 1985 and done my share of IA training, I can say it is basically worthless and more or less comes down to "Don't give out your password, or run software from home".

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  13. Re:It's always a waste of money, until it works... by John+Newman · · Score: 4, Interesting
    > And the thousands of American scientists, engineers, technicians and support staff that design and work on these systems. Based on comments like this, you'd think that the government is stuffing shells full of cash and launching them at the enemy. Where do you think these "weapon systems" are designed and built?

    True, but one can argue that at least a few of those scientists, engineers, technicians and support staff who are on the government dole building weapons could be better put to use creating new energy sources, curing diseases, advancing our understanding of the universe, etc. Every engineer employed by federal money to study a cutting-edge aspect of missile-defense mechanics is one fewer biologist or doctor funded by federal money to cure cancer. And right now there are many, many more of the former than the latter. Yeah, in a perfect world we'd fund both. But the reality is that defense spending is still booming while the NIH budget (barely a rounding error on the DoD budget anyway) is actually shrinking in real terms.