[ISN] DOD removes missile defense system report from Web site

InfoSec News isn at c4i.org
Tue Mar 21 04:12:14 EST 2006


http://www.fcw.com/article92668-03-20-06-Web

By Bob Brewin
Mar. 20, 2006

The Defense Department has removed from the DOD inspector general's
Web site a critical report that states that the network that links
radar systems, missile sites and command centers for the Missile
Defense Agency's (MDA) ground-based defense system has serious flaws
in the security technologies, policies and procedures needed to
protect the integrity, availability and confidentiality of information
on the network.

Federal Computer Week published a Web article [1] March 16 and a
follow-up print article [2] today about the report, which states that
MDA and Boeing, the prime contractor for the Ground-based Midcourse
Defense (GMD) system and the GMD Communications Network (GCN) have
allowed the use of group passwords on the unencrypted portion of the
GCN rather than requiring individual passwords.

The report also faults MDA and Boeing for the lack of automated audit
trails -- essential to catch inside or outside threats -- on the
network.

The report, "Select Controls for the Information Security of the
Ground-based Midcourse Defense Communications Network," vanished from
the DOD IG audit report this past weekend.

A DOD spokesman said he was working on getting an explanation from the
IG office on why the report was removed from the Web site, but he said
he was not optimistic about getting back to FCW today. An MDA
spokesman did not return calls from FCW asking for an explanation.

MDA is holding its annual conference today in Washington, D.C., at the
Ronald Reagan Building and International Trade Center, named after the
president who first advocated a missile defense system nicknamed "Star
Wars" to counter perceived missile threats from the now-defunct Soviet
Union.

FCW saved a digital version of the DOD IGN report [1] on the security
flaws in the GCN system and posted the report on its Web site.

[1] http://www.fcw.com/article92640-03-16-06-Web
[2] http://www.fcw.com/article92665-03-20-06-Print
[3] http://www.fcw.com/images/st_images/MDADODIGReport.pdf





More information about the ISN mailing list