US may have by far the world's biggest military budget but it's not showing in security

If you were worried about the state of US military security systems you might not want to read the results of its latest audit. A “red teamer” cracked into a US Department of Defense system and rebooted it, but nobody noticed: the system suffered unexplained crashes. In another case, testers “caused a pop-up message to appear …

COMMENTS

This topic is closed for new posts.


    1. amanfromMars 1 Silver badge

      Big Budgets Ensure Safe Bets and Ensnare Strange Sources? Or are Strange Source Exposed?

      Good luck finding the non-existent secret effective decoy shadow system .... Yet Another Anonymous coward

      The fact that you don't recognise the Existing Military Industrial Complex as the already heavily deployed decoy not reporting on NEUKlearer HyperRadioProACTivated Virtualised Systems of Almighty COSMIC Dimension, is sure proof positive of an altogether different system beyond Shadowy Control and Shady Command of Flash Crash Collapsing Systems/Parasitic Executive Administration.

      And with particular and peculiar specific regard to ....

      Would that be a budget big enough to support an entire bug-ridden comms system as a decoy, while having an altogether different system sitting behind it in the shadows?

      Age-old military tactic. ... Nick Kew

      ..... Is that one of those New ERa Tools for Weaponisation and Live Fire BetaTesting in Novel Fields of Engagement and Employment ..... Guaranteeing Future Alien Contact with Earthly Contracts to Deliver on Supplied Promises Tendered via Shared Enlightening Words delivering Other Worldly Facts to Populate and Seed New Spaces and Out of the World Places, or a whole host of them stored in Impregnable Arsenals ... which be the Very Sweetest of Immaculately Deep HoneyPots.

      Is Resistance to such AI Charm, Futile? Is Total Surrender to ITs Stated Promise, Heavenly Reward and One's Just Dessert? :-)

      Answer that Holy Trinity of Questions both Correctly and Sincerely, and One be Really Powerful, for there be Others More Powerful in Waiting to Provide Everything Worthy of Almighty Future Services.

      1. Anonymous Coward

        Re: Big Budgets Ensure Safe Bets and Ensnare Strange Sources? Or are Strange Source Exposed?

        Beats running amfm :-)

        1. amanfromMars 1 Silver badge

          Re: Big Budgets Ensure Safe Bets and Ensnare Strange Sources? Or are Strange Source Exposed?

          Beats running amfm :-) .... Anonymous Coward

          Sure does, AC .... and it is hard to believe things can be so easily done so freely. :-)

          But hey, that is just the very surreal nature of future virtualised things and nothing at all to be worried or too excited about unless worthy of specific attention and mention.

  1. Wellyboot Silver badge
    Facepalm

    corporate link

    >>>Some systems can't even be tested properly: one system used proprietary black-box hardware and software and depended on a connection back to a contractor's corporate network, which was off-limits to the testers.<<<

    Would that be a major aircraft manufacturer by any chance?

  2. Version 1.0 Silver badge

    Not Again!

    This has been going on for a long time, I remember when some kid hacked into WOPR with their IMSAI and nearly started a war.

    1. Stevie Silver badge

      Re: Not Again!

      And don't forget that whole "Gibson" fiasco.

    2. Nick Kew

      Re: Not Again!

      Was that the battlefleet that got eaten by a small dog?

  3. Bronek Kozicki

    Large systems are difficult

    The engineering approach is to start from the assumption that at any given time, some part of the systems will be in a "bad" state. If you start from that, then bugfix releases or configuration updates are just variables in the complex equation of "how much more broken could it become if we (do not) do that". Of course, the military cannot have that - hence there is no functioning monitoring, no canary releases, no fault tolerance, no regular disaster recovery exercises, no nothing. Just put it all together and hope it holds shape. Because in the military, apparently "hope" is a strategy. Who would have thought?

    1. Claptrap314 Silver badge

      Re: Large systems are difficult

      Found the (other) Google SRE. (Or former, as is my case.) :D

  4. Mike 137 Silver badge

    They're not much good at communication either

    Can anyone explain why a document titled WEAPON SYSTEMS CYBERSECURITY has the snappy and informative file name 694913.pdf?

    I may be old fashioned, but I was under the impression that a file name was supposed to help the potential reader identify the content of the file...

    1. adam payne

      Re: They're not much good at communication either

      Not when you want to bury it.

    2. Stevie Silver badge

      Re: They're not much good at communication either

      Security, man!

    3. Uffish

      Re: They're not much good at communication either

      But Google is very good at finding things;

      "694913.pdf" gives "https://www.gao.gov/assets/700/694913.pdf" as the first response.

      edit:

      ... and the second response was "https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/694913/dwp-ss030-security-standard-oracle-database-security.pdf" _ what is it with 694913 and cybersecurity?

      1. Danny 2 Silver badge

        Re: They're not much good at communication either

        69 - we are fucking each other

        49 - down a deep mine shaft

        13 - and it's sinister

  5. adam payne
    Joke

    In another case, testers “caused a pop-up message to appear on users’ terminals instructing them to insert two quarters to continue operating.”

    Did anyone ring the hell desk asking where the slot was for the quarters?

    1. Giovani Tapini
      Joke

      Don't you know?

      The MMC card slot is just about right...

    2. Yet Another Anonymous coward Silver badge

      Did anyone ring the hell desk asking where the slot was for the quarters?

      It's the military, they rang the help desk asking which form they should use to requisition the quarters and how much each quarter would cost for budgeting purposes

  6. Anonymous Coward

    Patching strategy

    > ”Officials from one program we met with said they are supposed to apply patches within 21 days of when they are released, but fully testing a patch can take months due to the complexity of the system;

    I'd love to see the reaction from some US General when he's told that he can't have a new system because it would be too complicated to patch according to the DoD's own guidelines.

    1. vtcodger Silver badge

      Re: Patching strategy

      Can't say for sure, but based on my limited experience, the last thing most high-ranking officers want is more problems. They are quite a conservative lot and their jobs come with more than sufficient problems. The constant (often broken) updates that IT folks think of as necessary improvements probably look to them more like aggravation than assistance.

  7. sitta_europea Silver badge

    And gao.gov uses qwest nameservers??!!

  8. ZenCoder
    Mushroom

    Choose the nuclear options and don't pay for defective goods.

    Just make it so that it is impossible not to stay in business unless every programmer is trained in security and constantly has security in mind while working and the final product isn't a complete embarrassment after a Red Team gets a month or so to attack it.

    As long as you can get paid once to half-ass something, then paid again and again to fix it over and over, and still remain in business, this problem is not going away.

  9. Danny 2 Silver badge

    You'll have to answer to the Coca-Cola company

    This is where the quarters come from.

    https://www.youtube.com/watch?v=DUAK7t3Lf8s

  10. Claptrap314 Silver badge

    "Good Enough for Government Work"

    Bane of my existence while in the Air Force. I don't think I could have made it as a lifer.

  11. MachDiamond Silver badge

    Bloat

    Most new military hardware is just an ever-increasing way to add complexity to a problem. It must be due to simple solutions not having the ability to generate really large research budgets or invoices.

    What was the book? "Superiority"?

    What's more frightening to an enemy:

    1. 3 latest generation stealth fighter/bombers (F-22/F-35,B-2)

    2. 100 older generation fighter/bombers (F-16/A-10,B-52)

    Brute force and ignorance is the name of the game in warfare. The advanced stuff has the tendency to go "bing" when it's really needed.

    Ron White has a great line, "I don't know how many it would take to throw me out, but I knew how many they were gonna use." I'd be a bit more daunted by pure numbers.
