Pentagon office left military designs for bulletproof vests, vehicle equipment open to hackers, and guard dog finds

0

Written by Tonya Riley

The U.S. military’s 3D printing office has left defense technology designs vulnerable to theft by hackers and adversaries, according to a surveillance report released Wednesday.

If left unchecked, the security holes could lead to a number of nightmarish scenarios, including adversaries stealing military designs, compromising Department of Defense networks or even introduce flaws into design data that could end up in battlefield products, the report authors concluded. The designs included blueprints for bulletproof vests, tactical vehicle equipment, weapon system mounts and prosthetic body parts, according to the report.

The report found that officials were unaware the systems were connected to local area networks and the Internet. Because the systems were misclassified, the office did not complete the risk assessment required by the department at all. Officials also did not monitor removable media entering the systems.

The security breaches have reportedly left a plethora of entry points for hackers. As DHS ‘ The Cybersecurity and Infrastructure Security Agency warns, removable media such as USB keys provide hackers an inexpensive and portable way to infect computers with malware.

Although the Defense Ministry’s information officer disagreed with several recommendations, the actions planned by individual offices sufficiently meet the intent of the recommendations, according to the Inspector General’s office. The DoD component manufacturing office has agreed to update all computer operating systems to the most recent version required by the DoD.

Pentagon officials also missed basic systems maintenance, including failing to patch a 2019 vulnerability that would have allowed attackers to use unauthorized access to a single computer to gain access to others within the network, according to the report. Of the 46 computers connected to the printing tools, 35 had not been updated for more than five years, endangering the computers and printers connected to them.

Part of the problem was that people working with the technology didn’t understand how printers, in which the military has increased investment over the past five years, differed from traditional production tools.

“Marine engineers FRC-SW said they treated AM systems like other manufacturing machines, such as milling and welding machines that did not require cybersecurity consideration,” notes the report.

The report recommends that the DoD Chief Information Officer require systems to immediately establish and implement security controls.

Leave A Reply

Your email address will not be published.