Pentagon Weapons Systems Have 'Nearly All' Vulnerabilities

 


Secret Pentagon documents leaked online through social media indicate that the United States has penetrated Russian military and intelligence services deeply in the past year. The trove also reveals that Washington appears to be spying on some of its closest allies, including Ukraine, Israel, and South Korea.

The Pentagon is attempting to leverage artificial intelligence to outfox, outmaneuver, and dominate future adversaries of the United States. AI is an unsteady technology, however, and if not handled carefully it could present opponents with another way to attack.

A newly established unit within the Joint Artificial Intelligence Center, which the Pentagon set up to assist the US military in exploiting artificial intelligence, is charged with collecting, testing, and distributing machine learning algorithms from open source and industry for use across the Department of Defense. Part of that effort reflects the major challenges that artificial intelligence raises when used for military purposes. A Testing and Evaluation Group, a machine learning "red team", is tasked with probing pre-trained AI models for weaknesses. There is also a cybersecurity team that examines AI code and data for hidden vulnerabilities.

Pentagon officials should not limit their efforts to protecting data networks or industrial and information systems, as vehicles and weapons are also among the most vulnerable systems at the Pentagon.

The military cannot manage even the simplest internal systems. This is one of the main reasons for the military's limited ability to defend these systems. 

The documents provided evidence that Washington was spying on some of its closest allies. National security officials were listening in on conversations between senior members of the country's national security council about whether the country would be selling artillery shells that were used in Ukraine. As a result, a political backlash began in Seoul on Monday, where opposition lawmakers denounced the spying as a clear violation of sovereignty.

The technique behind modern AI, machine learning, is fundamentally different from the traditional methods used to write computer code and is often more powerful. Rather than a programmer writing the rules for the machine to follow, the machine learns its own rules from data. The problem with this learning process is that artifacts or errors in the training data can produce strange or unpredictable behavior in AI models, and this can render the model unreliable.

Several explosive reports released by the Government Accountability Office (GAO) this month concluded that "nearly all" weapons systems in the Pentagon's $1.7 trillion procurement pipeline have major cybersecurity holes.

It is certain that cyber breaches involving weapons systems during a crisis or a military conflict could result in grave consequences, as they could potentially allow an enemy to cause weapons to misfire or cause other military failures.

The Pentagon's systems are becoming enticing targets for hackers, the report said, as they have become easier to hack over the past decade. It is not the first time this warning has been issued -- at least a half-dozen military studies have raised alarms since the 1990s. 

In its report on cyber vulnerabilities in weapons systems, the GAO noted that it was only in 2014 that the Pentagon began to conduct routine checks for these vulnerabilities. It is estimated that as many as 80 percent of systems have never been tested. In a recent report, the Department of Defense said that cybersecurity was not given the top priority in the acquisition of weapon systems until recently. Currently, the Department of Defense is seeking to understand how to apply cybersecurity to weapon systems.

It is expected that the Pentagon will shortly develop its offensive capabilities for reverse engineering, poisoning, and subverting its adversaries' AI systems. Currently, the focus of the effort is to make sure that American military AI cannot be attacked or compromised. As he puts it, "We have the option to proceed with the aggressive strategy." He says, "Let's just make sure it isn't something we can do against us, but it will be possible." Allen does not want to comment on whether the US is developing offensive capabilities.

To ensure that their economies can leverage the power of this powerful new technology to the fullest extent, many nations have developed national AI strategies. 

During this period, big tech companies, in particular in the United States and China, are jockeying for position in the commercialization and exportation of the latest AI techniques in order to gain an advantage.

There is a need to protect the algorithms that are important to the military supply chain or contribute to the making of critical decisions that affect the mission.      

US Government Contemplates Launching Cyber Insurance Program to Help Private Insurance Firms

 

As cyberattacks continue to surge at a rapid pace, the US government is mulling over the creation of counterproductive incentives to help private insurance firms cover some of the costs related to catastrophic cyber incidents under a federal cyber insurance program.

Last month, the Treasury Department and the Cybersecurity and Infrastructure Security Agency (CISA) asked the representatives of multiple organizations to consider whether a cyber insurance program is required and, if so, how such a program should be enforced across the country.

Earlier this year, in June, the Government Accountability Office (GAO) published a report advising the Federal Insurance Office (FIO) and CISA to conduct a joint assessment to examine the federal government’s role in cyber insurance.

The move comes after multiple private insurers were spooked by the possibility of having to cover such large losses and backed out of the market by excluding some of the most high-level cyberattacks from being covered by insurance policies. Currently, the U.S. government does not have a federally backed cyber insurance program to deal with destructive cyberattacks. 

“I think what you’re seeing is the government sort of thinking about this from their side … if they should be doing more to help companies that are hit and, if so, how should they define what the thresholds are. They’re clearly evaluating that and trying to think carefully about it right now,” stated Josephine Wolff, an associate professor of cybersecurity policy at the Tufts University Fletcher School. 

The rapid surge in cyber incidents 

Cyber attacks, specifically ransomware, have disrupted critical services and businesses globally, including schools, government offices, hospitals, emergency services, transportation, energy, and food firms. Reported ransomware payments in the United States reached over $590 million in 2021, compared to a total of $416 million in 2020. Just this summer, ransomware attacks rose 47 percent from June to July, according to a report published by cybersecurity firm NCC Group. 

According to the most recent IBM Cost of a Data Breach report, each public sector incident costs $2.07 million on average. 

The cyberattack on the Colonial Pipeline that took a 5,500-mile-long fuel transporting operation offline had a spillover effect on the wider economy. The pipeline operator paid a ransom of $4.4 million to the hackers — despite advice from law enforcement agencies that ransom demands should always be rejected. 

According to the FBI and many other agencies, paying ransoms encourages attackers to launch further cyber attacks. Some suggestions for organizations from the FBI include: 

• Keep all operating systems and software up to date 
• Enforce a user training program and phishing exercises 
• Employ strong, unique passwords for all accounts with password logins 
• Enable multi-factor authentication (MFA) for as many services as possible 
• Maintain offline (i.e., physically separate) backups of data, and examine backup and restoration frequently 
• Ensure all backup data is encrypted and immutable