Forgot your password?
typodupeerror

Security Flaws Could Cripple Defense Network 137

Posted by Zonk
from the good-enough-for-government-work dept.
userexec wrote to mention an FCW.com article about the uninspiring future for the Missile Defense System's software. The developers are apparently very worried about poor information security on the project. From the article: "The report said that neither MDA nor Boeing officials saw the need to install a system to conduct automated log audits on unencrypted communications and monitoring systems. Even though current DOD policies require such automated network monitoring, such a requirement 'was not in the contract.' The network, which was also developed to conform to more than 20-year-old DOD security policies rather than more recent guidelines, lacks a comprehensive user account management process, the report said. Neither MDA nor Boeing conducted required Information Assurance (IA) training for users before they were granted access to the network, the report stated. "
This discussion has been archived. No new comments can be posted.

Security Flaws Could Cripple Defense Network

Comments Filter:
  • by simp (25997) on Saturday March 18, 2006 @05:27PM (#14949300)
    The subcontractor they hired to do the programming was called Diebold?
    • Probably SAIC - the CIA front company the Bush crime family uses for a lot of shady stuff.

      In any event, whatever company it was, look for the names Bush the Elder, James Baker, Rumsfeld, Cheney, et al, on the board of directors either present or past.

      That or the company is owned by the Carlyle Group.

      Or it's an Israeli company. We gave an Israeli company the contracts to run our law enforcement wire tapping operation - until employees got caught selling wiretap data to drug dealers in LA. The same company al
  • by Tuxedo Jack (648130) on Saturday March 18, 2006 @05:28PM (#14949310) Homepage
    We'll no doubt see "All your missile base are belong to us" written on the system's password file.
  • This is bad. (Score:1, Redundant)

    by Voltageaav (798022)
    Someone's head is going to roll over this one. The military has been really tight on network security lately, even with contractors. A hole as big as this is simply unacceptable.
    • Re:This is bad. (Score:3, Interesting)

      by Zeinfeld (263942)
      Someone's head is going to roll over this one. The military has been really tight on network security lately, even with contractors. A hole as big as this is simply unacceptable.

      Why is anyone going to care about a weapon system everyone knows is a dud anyway?

      The system has never once demonstrated that it works, every single test has either failed outright or been rigged. The only reason the program exists at all is to hand out taxpayer money to campaign contributors.

      • by Anonymous Coward

        The only reason the program exists at all is to hand out taxpayer money to campaign contributors.

        And the thousands of American scientists, engineers, technicians and support staff that design and work on these systems. Based on comments like this, you'd think that the government is stuffing shells full of cash and launching them at the enemy. Where do you think these "weapon systems" are designed and built?

        Maybe my perspective is skewed. The only job offers (early career engineer) I was able to secure (

        • No reason to get defensive from profiting a little bit from pork barrel politics. Everyone else is doing it, might as well get a piece of it while the getting is good. When I was working at parsons you should've seen the number of billable hours that were being pushed on the MTA for a terrorism vulnerability audit for what amounted to reading, highlighting and summarizing their existing procedures.
        • Based on comments like this, you'd think that the government is stuffing shells full of cash and launching them at the enemy.

          DAMN! Someone has already accessed the Defense Network and gotten ahold of our super-secret National Missile Defense technical specifications!

          • This could be the world's most expensive honeypot, designed to make neighboring countries spend heaps and heaps of cash to keep up on nothing.

            Meanwhile, the *real* defense system is tied into George Bush's Play Station .. made by Sony.

            No cause for concern there folks, nothing more to see here .. move along .. move along ..
        • by John Newman (444192) on Saturday March 18, 2006 @10:14PM (#14950465)
          And the thousands of American scientists, engineers, technicians and support staff that design and work on these systems. Based on comments like this, you'd think that the government is stuffing shells full of cash and launching them at the enemy. Where do you think these "weapon systems" are designed and built?
          True, but one can argue that at least a few of those scientists, engineers, technicians and support staff who are on the government dole building weapons could be better put to use creating new energy sources, curing diseases, advancing our understanding of the universe, etc. Every engineer employed by federal money to study a cutting-edge aspect of missle-defense mechanics is one fewer biologist or doctor funded by federal money to cure cancer. And right now there are many, many more of the former than the latter. Yeah, in a perfect world we'd fund both. But the reality is that defense spending is still booming while the NIH budget (barely a rounding error on the DoD budget anyway) is actually shinking in real terms.
        • And the thousands of American scientists, engineers, technicians and support staff that design and work on these systems. Based on comments like this, you'd think that the government is stuffing shells full of cash and launching them at the enemy. Where do you think these "weapon systems" are designed and built?

          Are engaded in a corrupt, shameful use of their time? Yes absolutely.

          The UK deployed an anti-anti-balistic misslile system in the 70s called Chevalene. It worked by ejecting several hundred myla

      • Why is anyone going to care about a weapon system everyone knows is a dud anyway? The system has never once demonstrated that it works, every single test has either failed outright or been rigged. The only reason the program exists at all is to hand out taxpayer money to campaign contributors.

        Even if the system doesn't work, it's still bad to have unsecured access to it. It's certainly a concern that some terrorist might be able to infiltrate the system and use it to shoot down passenger planes or caus
      • You just don't realise how picky they are about security. It dosn't matter if it actually works or not or if it's just for PR either. They don't care how importand things are, they are security nazis on everything they have a hand in. There are DOD websites where all they have is information that is easily available in other public places for anyone to look at. But because it's a military site, it's password protected and encrypted. What's going to be served at the chow hall today is more secure than t
      • I assume the ones that failed were rigged to fail.
    • I agree. I do C&A work for the government. Systems which have zero impact on national security have to conform to NIST guidelines. The fact that none of this was in the contract and not implemented is pretty bad...
    • Re:This is bad. (Score:1, Interesting)

      by Anonymous Coward
      A hole as big as this is simply unacceptable.

      I doubt it. I mean, really, no level of failure or malfeasance in the missle shield project has dissuaded or concerned U.S. politicians one bit since it was first proposed. Why start now?
    • "Someone's head is going to roll over this one. The military has been really tight on network security lately, even with contractors. A hole as big as this is simply unacceptable."

      You'd be surprised.
    • Depends.

      If it was part of a Military Specification (or MilSpec), then the contractor had to follow it regardless of whether it was in the contract or not.

      However, if it was Military Standard instead, then the contractor doesn't have to follow them, even if the Standard is referenced in the contract. Only if the applicable part of the Standard is put into the contract without reference, thereby making it a contract term, is the contracted entity required to follow it.

      I realize that may be confusing, so I'll
  • Idea (Score:5, Funny)

    by KenDodd (961972) on Saturday March 18, 2006 @05:30PM (#14949318) Homepage
    Why not contract an Indian company to write it? Or make it a Sourceforge project. That always seem to generate high-calibre, error-free code.
    • Sourceforge is actually not a bad idea, but it won't happen. They want the system to remain as secrative as possible.
      • by Anonymous Coward
        There are sourceforge projects that *maybe* two people on the planet earth have accessed, and one of them might be googlebot. It's the perfect place to hide in semi plain sight, just label it an MP3 metadata morpher skindesigned to be posix non compliant text console only alpha planning stage and only run on os2 beta or something,and it'll stay hid forever.
  • I am not suprised! (Score:3, Insightful)

    by bogaboga (793279) on Saturday March 18, 2006 @05:30PM (#14949319)
    > Security Flaws Could Cripple Defense Network...

    This does not suprise me at all, after all, we as Americans are quickly proving that we're becoming the bastion of incompetence. From NASA,

    to the war in IRAQ,

    irregularities in elections,

    collapsing health care system,

    cronyism in government,

    out-sourcing out of hand,

    the massive trade deficit,

    the fact that communist China, Japan and the UK now help us with our balance of payments,

    failing education system,

    Katrina,....one wonders whether we as a nation can ever do anything right.

    Question is: Is there eanything really?

    • by rolfwind (528248) on Saturday March 18, 2006 @05:36PM (#14949350)
      You forgot over $8 TRILLION in public debt - $30,000 for EVERY man, woman, and child in the US.
      • Don't forget that America's vices cost more money than exists [theregister.co.uk].

        Satirical, but an amusing read.
      • You forgot over $8 TRILLION in public debt - $30,000 for EVERY man, woman, and child in the US.

        Hmm.... The national debt seems comparable to the total value of all SUVs/4x4 trucks in the US...

        Are you thinking what I'm thinking?
        • The national debt seems comparable to the total value of all SUVs/4x4 trucks in the US...

          Are you thinking what I'm thinking?


          Therefore ...... if we ... destroy all SUVs ... the national debt will be erased!!

          Yeah!!! Everybody grab your rocket launcher and head for the highways! Yeeee-ha!
        • Are you thinking what I'm thinking?

          I think so woolio, but how are we going to convince the TV networks to create new episodes of The Care Bears? Narf!

        • The vast majority [treas.gov] of federal debt instruments are held by the American government itself, states, private investors, pension funds, corporations, and the like. So we owe most of the national debt to ourselves.

          Only about $2T is owed to foreign investors, and I would think that Americans hold a comparable amount of foreign government securities.

          U.S. Treasuries are still the worldwide standard for what is considered a risk-free investment. All other bonds are benchmarked against Treasuries, worldwide. Fin

          • The vast majority of federal debt instruments are held by the American government itself, states, private investors, pension funds, corporations, and the like. So we owe most of the national debt to ourselves.

            Weird... [I am not an economist].

            Weren't large parts of the debt paid off [at one time] during the Clinton era? If most of the debt is held within the US and the govt pays it off using tax money, then in effect the cooperations are profiting from those paying taxes [which may be the most difficu
            • Weren't large parts of the debt paid off [at one time] during the Clinton era?

              During the Clinton administration, the (Republican) Congress passed the budget that had a surplus. That means the federal budget was taking in more tax money than it was spending. By the end of the Clinton administration, the economy was in a slump (thanks to Chairman Greenspan's insistance on a high prime interest rate.) Combined with September 11, 2001 the economy entered a weak recession, and the budget surplus became a defec

              • There's some decent technical information there, but there's a point I want to make. The budget did so well because we had a democratic president, and a republican congress. what this resulted in is a president that had to really work to push legislation that the congress would even approve. congress wouldn't spend money on most of clinton's spending proposals, and as a result of restrained spending, the economy benefited. There's one thing that makes the private economy more prosperous... less government i
          • The vast majority [treas.gov] of federal debt instruments are held by the American government itself, states, private investors, pension funds, corporations, and the like. So we owe most of the national debt to ourselves.

            Interesting that you bind the government and corporations together under the flag of "ourselves." Neither of those entities is related to the people of the United States, which is the most important entity of them all. It may come as a suprise to you and others of your ilk, but the coun

            • There is no more powerful and silent lobby in this country than the banking industry. They are making a (not small) fortune off of these loans and will eventually own this country outright, if they don't already.

              That would be the Chinese government.

            • Interesting that you bind the government and corporations together under the flag of "ourselves." Neither of those entities is related to the people of the United States, which is the most important entity of them all...

              The US government and US corporations ARE the result of the collective activity of groups of individuals. A corporation is an entity representing the interests of its stockholders, and the US government is an entity representing the interest of taxpayers and voters. Stockholders and taxpay

              • The US government and US corporations ARE the result of the collective activity of groups of individuals.

                So is the Ku Klux Klan, but they can go fuck themselves.

                I'll choose individual rights over the imperious desires of corporations and governments day of the week. You may find being a part of the machine a satisfying existence, but I prefer free will.

                • So is the Ku Klux Klan, but they can go fuck themselves

                  So if you don't agree with certain individuals, they forfeit their freedom of speech, assembly, etc? I personally abhor the KKK, but I will defend their right to speak, organize, buy property, and even particiapte in the democratic process as a group.

                  Yours is an inconsistent attitude towards to civil liberties that is commonly seen on the left end of the political spectrum. Mirror-image incosnistencies exist on the right, of course.

                  By the way, does

                  • So if you don't agree with certain individuals, they forfeit their freedom of speech, assembly, etc? I personally abhor the KKK, but I will defend their right to speak, organize, buy property, and even particiapte in the democratic process as a group.

                    Neat. That has nothing to do with the original argument. Corporations and individuals are separate entities. You cannot consider money delegated to corporations as benefitting the people. Read better.

                    Yours is an inconsistent attitude towards to civil li

      • and to think we've only spent $10 trillion on the "war on poverty" since LBJ. That sure is working out well..
      • You forgot over $8 TRILLION in public debt - $30,000 for EVERY man, woman, and child in the US.

        WTF! Stop having kids! OMG!
    • Hey man, don't forget our failure to win the men's 1500m speed skating gold in Turin!
    • Yeah, but that's not all. One wonders if people will ever stop astroturfing this and talk about tech again. From articles about Linux

      to robots

      to physics

      to the Internet

      You can count on the same anti-American slashbotism to get modded to 5, adding nothing, really, to the conversation.

      I salute you!
    • If you read the history of the last days of the Roman Empire, it does not read a lot different than this. It was basically power struggles, greed and corruption from within. The foundational requirements of any society is conformance to some agreed minimal ethical and moral standards. When the foundation crumbles the building collapses.
      • by Anonymous Coward
        The foundational requirements of any society is conformance to some agreed minimal ethical and moral standards.
        Standards are of course the first sacrifices of a multi-culturalist state.
    • by Anonymous Coward
      I think that the greatest sign of US incompetence is the fact that we tricked ourselves into believing that Iraq was a failure and that we are evil for our successes. If our successes are failures, and perfection is our only satisfying goal, we will never succeed again. Thank you for guaranteeing our failure.

      Completely invading and occupying a nation the size of California with a 25m+ population and suffering fewer than 3000 casualties after three years is a failure? A foreign inspired (Syria and Iran, and
      • But take a look at last weeks campaign, Operation Swarmer. The Iraqis mostly led this. None of our gun ships had to open fire and there were 0 casualties.

        Operation Swarmer was pure spin.

        But contrary to what many many television networks erroneously reported, the operation was by no means the largest use of airpower since the start of the war. ("Air Assault" is a military term that refers specifically to transporting troops into an area.) In fact, there were no airstrikes and no leading insurgents were n

    • by Anonymous Coward
      In your desperate attempt to show how much of a failure the US is, you only highlight how great it is, and how other countries are far, far behind.

      NASA- nobody else come close in terms of accomplishments, missions, discoveries, etc. Other countries could only hope for the failures that NASA has come through.

      "Collapsing" health care and education system- It's funny how so many other people from around the world come to the US for health care or education.

      Outsourcing, elections, blah blah blah- stuff that ha
    • You left out gay marriage, hip hop, ritalin and a media whose heart is in synch with Al Qaeda.
    • My latest pet theory on what happened to the US: We have this lousy selection of enemies. Back in WW2, we had to push our science resources to the max to stay ahead of Japanese technology and German engineering. During the Cold War, we got so paranoid about the Russians beating us into space that we had to beat them to the moon. During that golden age for US science and education, our cultural heros were more apt to be Einstein.

      Now, our primary enemies are in the Middle East, and their chief skill is pump

    • I have to take exception with some of these:

      irregularities in elections,

      The 2000 election was cooincidently very close. I don't think any country has perfect elections.

      cronyism in government,

      Again, what govmt do you hold up as a fine example? Shenanagans happen.

      failing education system,

      Personally, I think most education is not very practical anyhow. It does not reflect what people actually do at work, and outsourcing will take us further away from physics-oriented stuff (I agree with your outsourcing
    • Excuse me if I'm wrong, but you probably believe the government should take care of you. Where care is mandated or the patient can't shop for a good price, I might agree with that. You're not in a position to discuss alternatives if you have a cracked skull and bleeding brain. Other than that though...

      Our problems do not come from a "failure" to socialize medicine. When I was up in Canada, the news was that brain scanners were mostly going to places with powerful politicians. Quebec got an unfair share. M

  • by Jim in Buffalo (939861) on Saturday March 18, 2006 @05:32PM (#14949327)
    Does this mean the big fat trackball might not respond? Who's going to defend those six cities?
  • MDA AKA (Score:2, Informative)

    by Al Mutasim (831844)
    The Missile Defense Agency (MDA) is George W. Bush's name for the Ballistic Missile Defense Organization (BMDO), which was Bill Clinton's name for the Strategic Defense Initiative Organization (SDIO), which was Ronald Reagan's "Star Wars."
  • by creimer (824291) on Saturday March 18, 2006 @05:33PM (#14949335) Homepage
    How many more $500 USD toliet seats does the taxpayers have to buy before Boeing upgrades their network?
    • As long as there are arseholes that need pampering, they'll continue to buy them, my friend!
    • How many more $500 USD toliet seats does the taxpayers have to buy before Boeing upgrades their network?
        Mod up from troll, since you've never been in the US military. I was in the US Navy and actually priced out the costs for Snap-On tools that we had vs buying as a "normal" buyer, and we're talking a 20-50% markup. Get a clue.
  • Crapola (Score:3, Insightful)

    by N8F8 (4562) on Saturday March 18, 2006 @05:42PM (#14949377)
    No matter what you do to design a system there will always be some hack who comes along to crap on your project. Just because you think you know better doesn't make it true. It certainly doesn't help that sites like this one jump on every little aberrant report like a pack of jackals.
    • No matter what you do to design a system there will always be some hack who comes along to crap on your project

      So you are arguing that the whole idea of a missile defense program is bogus, that it can never work and that we should therefore pay a hundred billion dollars for one that does not work because it could not be expected to work?

    • Seems to me that this system shouldn't be connected to the internet. Then you only have histroic problems such as spies; hacking's a no-go unless you're physically on the premsises.
  • Somebody correct me if I am wrong about this, but a system like this should be run in an airgapped environment where external interfaces (radars, etc) are not ones which you can ssh over or anything like that. Most likely every interface into the system will do exactly what it is designed for and nothing else.

    People who have access to workstations on the system should need to go through a significant amount of physical security before they are able to do anything. At least thats how similar systems I have

    • >People who have access to workstations on the system should need to go through a significant amount of physical security before they are able to do anything.

      Once the person is through physical security, what will that person do? They have to be clueful as well as loyal in order to be safe for the network. One of the reported problems is that they weren't getting security training.
      • Once the person is through physical security, what will that person do? They have to be clueful as well as loyal in order to be safe for the network

        My mental image is of a small team of well drilled military people who know exactly how to do their jobs. Maybe thats a wrong image. If so thats the real problem.

        No amount of computer security will protect a system if the operational side hasn't been thought out.

    • There is an airgap in the system.
      All the modems are connected to unlisted telephone numbers.
  • Their plans totally Bombed... I mean seriously, they Blew Up in their faces.
  • I'm sure this will be just as fixable as the Command Navigation Program. Trust the government.
  • This software was probably one of the easiest parts to this whole missile defense debacle. What's worse is that there has been evel less success with the hard parts. i.e. Actually hitting incomming missiles, or even getting permission from governments such as Canada to even try to hit them over their airspace. Perhaps even harder yet is justifying the need for missile defense at all when the only likely source of a nuclear attack is from terrorists who would most likely smuggle a bomb in through the U.S.
  • by ipsuid (568665) <ipsuid@yahoo.com> on Saturday March 18, 2006 @06:00PM (#14949467) Journal
    We'll just make talking about DOD security flaws illegal in Patriot Act 3 and then nobody will know.
  • better head lines (Score:3, Insightful)

    by iggy_mon (737886) on Saturday March 18, 2006 @06:00PM (#14949468) Homepage

    Security Flaws Could Cripple Defense Network
    Drunk Driving Could Be Dangerous
    Microsoft Goes Head-to-Head With IBM
    Mixing Household Chemicals Could Be Dangerous

    notice a pattern? none of these headliness says or means anything. they border between "no $hit" and "duh".

    instead of that say-nothing giberish how about "group passwords threaten MDA's communications network"? see, now the head line says something.

    ps, not to be a jerk, just to point out an area where slashdot can be better than the rest.
  • by MECC (8478) * on Saturday March 18, 2006 @06:05PM (#14949486)

    How about Global Thermonuclear war?
  • ...You'd think after the Cylon's infiltration of the Caprica global network that someone would have taken this a little more seriously.
  • Not Surprised (Score:4, Interesting)

    by musicon (724240) on Saturday March 18, 2006 @06:11PM (#14949502) Homepage

    I'm not surprised in the slightest by the "revelation" in this FA.

    • For profit companies will always take the quickest, least expensive option available (in that order), even if it's not the correct decision.
    • Contract companies love to say "that's not in the contract, but we'd be happy to renegotiate and do it for $x."
    • Re:Not Surprised (Score:2, Insightful)

      by Aragorn379 (260855)
      Contract companies love to say "that's not in the contract, but we'd be happy to renegotiate and do it for $x."

      And for good reason. Same reason that when you order a Dodge Neon they don't ship you a Dodge Viper. The contract is what is specifying what the government is buying. Change what the government is buying to enhance it and it's not really surprising that they want more money to produce it. Taking the least expensive option is usually the right option for the company even if it isn't in the sy
    • Re:Not Surprised (Score:3, Interesting)

      by Gyorg_Lavode (520114)
      Actually, what they say is "we'd love to do it. Now we need X man hours to develop that price for you."
    • Sir, you have a fabulous grasp of the obvious. One which far exceeds many people in charge of a multi-million dollar budget.

      Contractors and their employers have diametrically opposed goals. The successful use of a contractor for a critical system requires

      - Careful planning to anticipate future needs and changing conditions.
      - Very skillfully written contracts.
      - A process of oversight and review by skilled people who know WTF they are doing.

      The employer is doing most of the planning, a lot of the management,
  • by Anonymous Coward on Saturday March 18, 2006 @06:17PM (#14949532)
    if its not in the contract, it is fraud for a government contractor to implement an extra feature or add-on to the system because the govt has to pay for the extra expenses (software developers' hours, testing, etc) incurred to make those improvements.

    so if the security is bad, and it wasnt in the contract, the only people who can begin to address this are actually the purchasing organization, not the developers. the purchaser **needs** to add these stipulations in the contract or else the contractor legally is not allowed to work on fixing it.
  • Back in 1983, I saw this great documentary about a teenager hacking into a defense computer. Can't quite remember the name, though...
  • I must say this is astounding from a legal services point of view. I've seen defence contracts here in Australia, working at a law firm that works for Defence (and other government agencies). The usual practice is to start with a standard form contract which says something to the effect that the contractor must comply with the Defence Security [Directive / Policy / Determination / etc] dated []. And you always do a search before the final draft for "" and replace with appropriate information if it hasn't al
    • I must say this is astounding from a legal services point of view.

      I don't. When I worked for a state government road building authority I saw us send out contracts for software which specified precicely how all asphalting works were to be carried out.

  • by brennz (715237) on Saturday March 18, 2006 @06:44PM (#14949671)
    My guess is the MDA was not reading the DOD guidelines on IA http://www.dtic.mil/whs/directives/corres/html/850 02.htm [dtic.mil] (among many other pubs) which is pretty clear. Being a classified mission critical system used for warfighting, they would fit into the MAC I, confidentiality=high baseline.

    Lets hope their contract gets recompeted so my company can head over there!
    • by Anonymous Coward
      That document is from Feb 03. Do you think the GMD contract MAY be a little older than it?

      And whats your company going to do? Really only Boeing, Lockheed Martin and Northrop Grumman are big enough to handle the prime contract.

  • Oh comon, everyone who watches "24" knows that you have to open a SOCKET before you talk to other defense-department computers! And it's really hard to do - all the CTU big-bosses always need to ask one of the geeks in the office to "open a socket to Division". The defense network is SECURE, I REST MY CASE!
  • One weakness in many defense organizations is that so much of policy (IA) is a pain in the ass, but you learn to live with the pain as part of the job. If the people administering accounts, policy, and systems do not appreciate the reasons why the policies exit, they will not enforce them. If you are handed a 150 page procedure to read and sign that you have read it and you need the information access now, what are the chances you skipped the page that says you must do X to do Y? They are very high.

    Also, w

    • I interviewed iwth one of these groups last summer. Believe it or not, they tolde me that they do a lot of sourcing to american companies who foreign outsource (thus staying off the radar as far as foreign outsourcing concerns go)

      More significantly, they use COTS software products, some of which are produced and maintained in countries that are likely to be on the receiving end of the target list. It should be fascinating to find out what happens if they ever try using it against one of those countries.

      Inc
  • Yeah, and monkeys might fly out of my behind. The acceleration due to gravity at the surface of the earth may be 9.8 m/s^2. Who's to say?
  • Alright so they f!@#@$# up here - no doubt about it. However, a major goal of setting up GMD was to get it up fast so they could learn from it and refactor later (yes, MDA is practicing Agile development!). And they are refactoring the whole system right now.

    Not just GMD, but the whole system of systems including Aegis, THAAD, Airborne Lasers, advanced sensors and more. So in the long run I think MDA is following the right strategy - build stuff quick and refactor as needed. I believe this is far mor

  • Reports been pulled (Score:4, Interesting)

    by Gyorg_Lavode (520114) on Saturday March 18, 2006 @07:39PM (#14949934)
    Anyone realize that the report was pulled off the IG's website? It was 06-53 according to google. Now it's gone.
  • Missle system kills security leaks!

    (Sorry, I'm really sorry. I can't stop.)
  • From the article: more than 20-year-old DOD security policies

    So that would put it in the early 1980s... but in the 60s and 70s, the missile launch passwords were all "00000000" (also see [damninteresting.com]here [columbia.edu]).

  • by Saeed al-Sahaf (665390) on Saturday March 18, 2006 @09:04PM (#14950261) Homepage
    Neither MDA nor Boeing conducted required Information Assurance (IA) training for users before they were granted access to the network, the report stated.

    Having been involved with the Air Force since 1985 and done my shair of IA traing, I can say it is basically worthless and more or less comes down to "Don't give out your password, or run software from home".

  • In the '06 and '08 elections, if a candidate for a federal-level race won't commit to ending this pointless, then don't vote for them.

    If they do commit to ending the project, send them cash, since they won't be getting any from the defense contractors.
  • Just so you know (Score:2, Informative)

    by azrider (918631)
    I used to work for a defense contractor on classified networks. When we stood up a new lab, there was a briefing for all employees with access (AKA need to know). They were told that the SA's (I was one) were the first line. In other words, if we said no, the answer was to be interpreted as "no way in hell". My group, however, was in the minority (we said no more often than we said yes). Every request was checked into using the NISPOM. Every software request was extensively checked. Unfortunately, thi

Luck, that's when preparation and opportunity meet. -- P.E. Trudeau

Working...