To Keep Hackers Out of US Weapons, the Pentagon Needs to Get In – By Egon Rinderer (SHIFT5) / May 6, 2023
Constant surveillance of data flows is key to spotting dangerous intrusions.
The Pentagon’s efforts to protect its data networks mustn’t stop at its industrial & IT systems; its vehicles and weapons are vulnerable as well. But the military’s ability to defend these systems is hampered by its inability to monitor even their most basic inner workings.
We’ve been warned about the threats. Last year, the Cybersecurity and Infrastructure Security Agency detailed how Russia stole sensitive information about weapons from U.S. defense contractors. The Government Accountability Office has issued several reports of its own.
Many systems aboard U.S. weapons and military vehicles are built to conceal these inner workings, even from their customer. There are several reasons for this “black box” approach. Component seals can simplify the task of maintaining such things as flight-worthiness certifications. They can help suppliers win and keep lucrative support contracts. And, in theory at least, they deny attackers knowledge of key systems.
But if a half-century of enterprise IT has taught us anything, it’s that the “security through obscurity” approach fails, every time. Indeed, it hurts the Pentagon’s ability to understand their systems’ vulnerabilities and to know when they have been compromised. It also strips the military of valuable data that could be used to guide maintenance, predict component failure, and even improve training.
CONTINUE > https://www.defenseone.com/ideas/2023/05/keep-hackers-out-us-weapons-pentagon-needs-get/386034/
