The DOD Ballistic Missile Defense Facilities Not Properly Secured According to DOD OIG Report Released Last Week
The U.S. Department of Defense’s Office of the Inspector General blew the whistle last week in the report they released detailing security gaps at important DoD U.S. Ballistic Missile Defense Facilities. The report indicates that many important Information Security standards are not presently being used as required by compliance standards for U.S. Government IT Networks. Some of the short falls in securing these networks include:
- Lack of consistent usage of multi-factor authentication
- Server racks left physically insecure with locks not enabled
- Lack of securing the use of external removable media using common protection measures such as encryption
- Lack of consistent use of encryption in transmitting information between devices
- Lack of commonly used intrusion detection technologies on classified networks to alert staff to compromised systems
- Failure to implement concepts of least privilege access when providing elevated system access for users
- Failure to ensure security controls are consistently implemented and access the impact of missing security controls
The report details that these security short comings could compromise our U.S. military’s ability to defend against missile attacks.
- The report makes specific recommendations including:
- Implementing multi-factor authentication unilaterally across DOD Missile Defense networks
- Mitigating vulnerabilities in a timely manner
- Protecting data on removable media
- Implementing intrusion detection capabilities
- Enforcing the use of multi-factor authentication to access systems that process, store and transmit Ballistic Missile Defense Systems information and only allow exemption from the multi-factor requirement with a waiver issued by the DoD Chief Information Officer
- Install security cameras with “facial recognition and pattern detection technology” (My guess as to what was redacted) to monitor personnel movements throughout their facilities
The report further requests that all CIO’s, Commanding Generals and Directors comment and reply to the report by January 8th, 2019.
A description of the Ballistic Missile Defense System as defined in the report follows:
Ballistic Missile Defense System
The BMDS is designed to destroy hostile missiles of all ranges—short, medium, intermediate, and long—and their warheads before the missiles reach their intended
targets. The BMDS is a system of elements that enable the DoD to execute a layered defense to defend against hostile missiles in all phases of flight: boost, midcourse, and
The elements are:
- Aegis Ballistic Missile Defense – the naval component of BMDS that builds upon the existing Aegis Weapon System, Standard Missile, and Navy and joint forces command, control, and communication systems and which detects and tracks ballistic missiles of all ranges.
- Ground-based Midcourse Defense – the communications networks, fire control systems, sensors, and interceptors that allow combatant commanders to engage and destroy intermediate- and long-range ballistic missile threats in space.
- PATRIOT Advanced Capability-3 – a land-based element that provides simultaneous air and missile defense capabilities.
- Terminal High Altitude Area Defense – a globally-transportable, rapidly deployable capability that intercepts and destroys ballistic missiles inside or outside of the atmosphere during their final phase of flight.
The boost phase is the firing stage of the missile, the midcourse phase is when the missile begins coasting towards its target, and the terminal phase is the missile’s last opportunity to intercept warheads before reaching its target.
The BMDS architecture contains the following support elements:
- networked sensors and radars (ground- and sea-based) that detect and
track potential targets;
- interceptor missiles (ground- and sea-based) that destroy ballistic missiles
using either direct impact or explosion; and
- a command, control, battle management, and communications network that
provides operational commanders with information on the sensors and
According to the MDA, ballistic missiles have different ranges, speeds, sizes, and performance characteristics. The BMDS architecture provides multiple opportunities to
destroy missiles and warheads before reaching the intended target. U.S. military personnel from the U.S. Pacific Command, the U.S. European Command, the U.S. Forces Japan, the U.S. Northern Command, and the U.S. Strategic Command operate the BMDS elements.