Almost all of the Pentagon's newer weapons are vulnerable to cyberattacks. The threat was revealed in a new report by the U.S. Government Accountability Office on Tuesday.
The Department of Defense's newest weapons systems went through cybersecurity tests from 2012-2017. Many of the testers, posing as hackers, were able to easily guess DOD login information — some passwords had reportedly never been changed from their factory settings. One team guessed an administrator password in less than 10 seconds.
The GAO found hackers only needed "simple tools and techniques ... to take control of systems and largely operate undetected."
It also found the DOD failed to fix cybersecurity threats that were identified in earlier tests, allowing hackers to exploit them again. A report on one assessment showed only one out of 20 vulnerabilities had been fixed since the last test.
Cybersecurity has been on the federal high risk list since 1997, but the Pentagon just recently prioritized the issue. Meanwhile, the threat of an attack is growing as government weapons become more computerized.
The government has taken steps to curb threats, including revising certain policies to incorporate cybersecurity concerns. But the GAO says their effectiveness is limited, in part, by poor communication in the DOD about vulnerabilities in its systems.
The GAO was asked to compile this report as part of the Trump administration's goal of making $1.66 trillion worth of investments in U.S. weapons systems.