One day one of us may be the ones auditing US Ballistic Missile Defense Systems. As the title suggests, they failed a cyber security audit recently. Numerous vulnerabilities were found. Users were instructed to only use single-factor authentication for 15 days after account creation. However, there was no mechanism for enforcing this, and people used single-factor authentication for a long time after 15 days. Once identified, multiple vulnerabilities were not patched at at numerous stations. Data that was stored on removable devices was not being encrypted. These vulnerabilities, among many others, contributed to the systems’ failure to pass the cybersecurity audit. These are all relatively fixable things. It seems like the employees or whoever is responsible for cyber security is simply being lazy.
https://www.bleepingcomputer.com/news/security/us-ballistic-missile-defense-systems-fail-cybersecurity-audit/
Hi Connor,
This is a scary development where you hear a U.S. Ballistic Missile Defense Systems failed audit. This may open up to any attack and we would expect more security from US government.