No data encryption, no antivirus programs, no multifactor authentication mechanisms, and 28-year-old unpatched vulnerabilities are just some of the cyber-security failings described in a security audit of the US' ballistic missile system released on Friday by the US Department of Defense Inspector General (DOD IG).
The report was put together earlier this year, in April, after DOD IG officials inspected five random locations where the Missile Defense Agency (MDA) had placed ballistic missiles part of the Ballistic Missile Defense System (BMDS) --a DOD program developed to protect US territories by launching ballistic missiles to intercept enemy nuclear rockets.
But this recent security audit has concluded that "the Army, Navy, and MDA did not protect networks and systems that process, store, and transmit BMDS technical information."
Multifactor authentication was not consistently used
Auditors found several problematic areas. The biggest of these was in relation to multifactor authentication. (end of excerpt)
Click here for the full report (44 PDF pages) on the DoD IG website.