Missile defense network open to cyberattack

DOD IG report on GMD Network Security Flaws

The network that links radar systems, missile sites and command centers for the Missile Defense Agency’s (MDA) ground-based defense system has serious flaws in the security technologies, policies and procedures needed to protect the integrity, availability and confidentiality of information on the network, according to a Defense Department inspector general report.

The report, released last month, states that MDA and Boeing, the prime contractor for the Ground-based Midcourse Defense (GMD) system and the GMD Communications Network (GCN) have allowed the use of group passwords on the unencrypted portion of the GCN rather than requiring individual passwords. Neither MDA nor Boeing officials saw the need to install a system to conduct automated log audits on the unencrypted communications network under development by Northrop Grumman because such a requirement “was not in the contract,” according to the report. However, current DOD policies require such automated network monitoring.

The network was developed to conform to DOD security policies that are more than 20 years old rather than recent guidelines and lacks a comprehensive process for managing user accounts, the report states. The DOD IG said unidentified contractor officials said it would have been too costly to adhere to more current and stringent DOD security rules for the network because it has been in development for five years.

MDA and Boeing also did not verify until July 2005 — a full year after the network became operational — that users had the requisite security clearances to access the network. In addition, the systems administrator responsible for GCN accounts was allowed to create his own account that granted him special access to the network, the report states.

The network also lacks a backup contingency plan because GMD officials believe built-in redundancy would mitigate most interruptions, the DOD IG said.

Due to those poor polices and procedures, the DOD IG report states that MDA and Boeing officials “may not be able to reduce the risk and magnitude of harm resulting from misuse or unauthorized access or modification of information [on the network] and ensure the continuity of the system in the event of an interruption.”

Philip Coyle, a senior adviser at the Center for Defense Information, said the poor security for the GCN shows a lack of discipline at MDA, which he said resulted from a top-level decision by DOD in 2002 to allow the agency to operate outside the strictures of the normal acquisition environment. Coyle was assistant secretary of Defense and director for operational test and evaluation from 1994 to 2001.

Because President Bush pushed development of GMD to defend the nation from missile attacks from Asia or the Middle East, Coyle said he found it difficult to understand why MDA would not take the steps required to defend the GMD network. Coyle said the costs of network security are trivial compared with the billions of dollars needed to develop the system.

It makes no sense, Coyle added, to base development of GCN security on 20-year-old security guidelines instead of current ones.

David Wright, a senior scientist with the Union of Concerned Scientists (UCS), said that he was surprised by network flaws outlined in the DOD IG report such as audit trails and individual passwords. “Sounds like the kind of stuff routinely done with this kind of network. It’s hard to imagine they would design one without it,” he said.

Stephen Young, an MDA analyst at UCS, said the security flaws could affect operation of the entire GMD project. “The network is absolutely essential to GMD.… Without it, the system can’t work,” he said.

Although hesitant to discuss the security of a network without fully understanding its architecture, Bruce Schneier, chief technology officer at Counterpane Internet Security, said an automated audit trail system was vital to detect threats from insiders and attacks by outside hackers.

Spokesmen for MDA, Boeing and Northrop Grumman declined to answer questions from Federal Computer Week. An MDA spokesman said his agency would not answer any press questions until it responds to the IG on March 24.

Boeing also did not respond to a request by FCW to provide an architectural description of the GCN. But Harris Corp., a GCN subcontractor, described the network on its Web site as “the largest synchronous optical networking ring in the world” and states that it “includes more than 20,000 miles of fiber crossing 30 states and will connect all GMD sites.”

MDA budget documents describe the GCN as a fiber-optic network interconnected with military satellites. Those budget documents state that the GCN connects the two missile silo sites to control and communications nodes at Fort Greeley and Schriever Air Force Base and the Cheyenne Mountain Operations Center, both in Colorado, as well as radar systems in Alaska and a test bed in Huntsville, Alabama.