Physics & Society | January 2019 | by Lauren J. Borja and M. V. Ramana, School of Public Policy and Global Affairs, University of British Columbia
In October 2018, the United States Government Accountability Organization (GAO) reported that “mission-critical cyber vulnerabilities” had been found in many weapon systems being developed by the U.S. Department of Defense (DOD). These vulnerabilities allowed testers to “take control of systems and largely operate undetected” [1, p. 21], and could allow hackers to do the same.
The GAO report identified three underlying reasons for this problem. First, computers have proliferated in the designs of almost all weapon systems and enable many of their functions and communications. Second, the DOD has only recently prioritized cybersecurity in its weapon systems; in many cases, cybersecurity was not even a consideration when earlier weapon systems were designed. Finally, the DOD has a shallow understanding of how to construct secure weapon systems after ignoring them for many years. As a result, the GAO report said, the DOD has fielded a generation of insecure weapon systems, which could jeopardize military networks for years to come.