http://www.fcw.com/article92668-03-20-06-Web
By Bob Brewin Mar. 20, 2006 The Defense Department has removed from the DOD inspector general's Web site a critical report that states that the network that links radar systems, missile sites and command centers for the Missile Defense Agency's (MDA) ground-based defense system has serious flaws in the security technologies, policies and procedures needed to protect the integrity, availability and confidentiality of information on the network. Federal Computer Week published a Web article [1] March 16 and a follow-up print article [2] today about the report, which states that MDA and Boeing, the prime contractor for the Ground-based Midcourse Defense (GMD) system and the GMD Communications Network (GCN) have allowed the use of group passwords on the unencrypted portion of the GCN rather than requiring individual passwords. The report also faults MDA and Boeing for the lack of automated audit trails -- essential to catch inside or outside threats -- on the network. The report, "Select Controls for the Information Security of the Ground-based Midcourse Defense Communications Network," vanished from the DOD IG audit report this past weekend. A DOD spokesman said he was working on getting an explanation from the IG office on why the report was removed from the Web site, but he said he was not optimistic about getting back to FCW today. An MDA spokesman did not return calls from FCW asking for an explanation. MDA is holding its annual conference today in Washington, D.C., at the Ronald Reagan Building and International Trade Center, named after the president who first advocated a missile defense system nicknamed "Star Wars" to counter perceived missile threats from the now-defunct Soviet Union. FCW saved a digital version of the DOD IGN report [1] on the security flaws in the GCN system and posted the report on its Web site. [1] http://www.fcw.com/article92640-03-16-06-Web [2] http://www.fcw.com/article92665-03-20-06-Print [3] http://www.fcw.com/images/st_images/MDADODIGReport.pdf _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
