The U.S. Department of Defense Inspector General (DOD IG) released a rather terrifying report on Friday. It outlined some major cybersecurity flaws in U.S. ballistic missile systems. An article from ZDNet explained that the DOD IG found “no data encryption, no antivirus programs, no multifactor authentication mechanisms, and 28-year-old unpatched vulnerabilities,” amongst other issues.
DOD IG inspectors found that IT administrators at three of the five locations they visited had failed to apply security patches, leaving computers and adjacent network systems vulnerable to remote or local attacks. Investigators found that systems were not patched for vulnerabilities discovered and fixed in 2016, 2013, and even going as far as back as 1990. The DOD IG report is heavily redacted in this particular section, suggesting that MDA administrators are still patching these flaws.