You probably know the story: For around 20 years the code for the nuclear missiles in the US was 00000000. What sounds ridiculous is actually true – the thought behind it was apparently to make sure that the weapons could be launched as easy and quick as possible.
Luckily we have learned a lot since then, right? Weeeeeell yes, at least to some degree. Sadly though not as much as you’d like, especially when it comes to dangerous weapons that can potentially cause a lot of damage.
Simple security measures not implemented
A recent security audit of the U.S. ballistic Missile Defense System shows that there are basic cybersecurity steps missing in order to make sure that everything stays secure and in U.S. hands. The report is more or less just a long list of things that have never been fixed or where the security has been found lacking – with a couple of suggestions that for most people are common sense:
- using multifactor authentication;
- mitigating vulnerabilities in a timely manner;
- requiring and maintaining justifications for accessing networks;
- Encrypt ballistic missile defense system technical information stored on removable media.
Some flaws date back to the 90s
Yes, apparently fixing bugs is – next to actually using some form of Two Factor Authentication (2FA) – something that has been sorely neglected: One issue had first been identified in 1990!
A lot of the above problems seem like no brainers but apparently are not. If you take the time to read the report you will find even more issues like unlocked server racks, security doors that have not been working for years, and more.
It seems almost crazy that an institution assigned with protecting people has probably more security issues than your average home PC!
Keep your system up-to-date
Now what can you learn from this horrid state of security the U.S. ballistic Missile Defense System is in? A couple of things:
- Make sure your PC and the apps on it are always up to date. While unlikely that you will have flaws from the 90s, even bugs that are only a week old and remain unpatched can allow cybercriminals to hijack your system
- Use 2FA whenever possible. While definitely more work, it’s also way more secure.
- Make sure the security measures you have in place actually work. That means a VPN and fully armed Antivirus should be in place to protect your system the way it was meant to be.