File this under disappointing but not surprising. It turns out the U.S. military doesn’t do a very good job at all of keeping track of what software it has purchased, how that software is deployed, and if it’s still secure.
According to a report by the US Department of Defense Inspector General, none of the branches of the military maintain accurate records of what types of software they’re using.
That means taxpayer money is spent on expensive software that people may not have any idea how to use. But that also means they could be paying for updates and maintenance for software that doesn’t work anymore and that some programs aren’t getting necessary security updates.
In fact, it’s not possible to assess the full extent of any threats because the branches of the military haven’t fully reported which software is in use.
This includes the U.S.’s ballistic missile system, which according to a report issued earlier this year, might as well have 123456 for a password.
- Among the security failures uncovered:
- Managers did not require the use of two-factor authentication
- Vulnerabilities in the network were not identified or fixed
- Server racks were left unlocked
- Classified data stored on protected media were not monitored or protected
- Data was not encrypted
- No intrusion detection on system
As they say, realizing you have a problem is the first step to getting help. Recommendations have been issued that the government follow the same computer security rules that home users need to implement. Whether or not they will… time will tell.