"The network that stitches together radars, missile launch sites and command control centers for the Missile Defense Agency (MDA) ground-based defense system has such serious security flaws that the agency and its contractor, Boeing, may not be able to prevent misuse of the system, according to a Defense Department Inspector General's report released late last month.
The network, which was also developed to conform to more than 20-year-old DOD security policies rather than more recent guidelines, lacks a comprehensive user account management process, the report said. Neither MDA nor Boeing conducted required Information Assurance (IA) training for users before they were granted access to the network, the report stated.
Because of this poor information security, the DOD IG report said, MDA and Boeing officials "may not be able to reduce the risk and magnitude of harm resulting from misuse or unauthorized access or modification of information [on the network] and ensure the continuity of the system in the event of an interruption."
Stephen Young, an MDA analyst at UCS, said the security flaws could affect operation of the entire GMDS project. "The network is absolutely essential to GMDwithout it, the system can't work."
A MDA spokesman said his agency would not answer any press questions until it responds to the IG report on March 24.
MDA budget documents describe the GCN as a fiber-optic network interconnected with military satellites. These budget documents said the GCN connects the two missile silo sites with control and communications nodes at Fort Greely and Shriever Air Force Base and the Cheyenne Mountain Operations Center, both in Colorado, as well as radars in Alaska and a test bed in Huntsville, Ala."
Gee, this is comforting