Basic computer and network security has been thrown to the wind at the US Missile Defense Agency. A report that was posted on MDA’s website was removed after FCW posted a story on it. The agency along with it’s contrator, Boeing, had serious flaws that included access to the network without the need for a individual passwords or any audit logs.
Neither MDA nor Boeing officials saw the need to install a system to conduct automated log audits on the unencrypted communications network under development by Northrop Grumman because such a requirement “was not in the contract,†according to the report. However, current DOD policies require such automated network monitoring.
Gotta love project managers. If an item is not “in scope” it is dropped faster than a flaming bag of…
This particular network was developed to conform to DoD policies from 20 years ago (genius). To make things even worse Boeing did not take steps to verify that people with access to the network had the proper security clearances until a year later. There is so much more to this story that ou simply have to read the article. As for the report? Well there is a link to it here (via FCW.com)