A $12 billion mobile Internet network that the U.S. Army is using in Iraq, Afghanistan and Africa has significant cyber security vulnerabilities that were found in combat testing.
After a review ordered by the Pentagon’s chief weapons buyer, the Army and contractor General Dynamics Corp. are working to improve the systems already in the field and to embed updates into networks that will be deployed through 2028, according to the service.
The assessment conducted by Johns Hopkins University and the Army Research Laboratory “recommended both improvements to user training techniques and procedures and hardware and software enhancements to harden against the cyber threat,” Army spokesman Paul Mehney said in an e-mail. Citing security concerns, he said he couldn’t comment on “specific improvements to operational units.”
The WIN-T Increment 2 network made by General Dynamics is designed for secure on-the-move voice, data and image transmissions from brigade commanders down to company-level vehicles tearing through terrain. It’s already deployed to 11 of the Army’s 32 combat brigades. Frank Kendall, the Defense Department’s acquisitions chief, approved full production in June.
The network is the latest defense system found to have major cyber security vulnerabilities.
One high-profile example is the Navy’s Littoral Combat Ship that’s designed to perform mine-clearance, submarine-hunting and surface warfare. Michael Gilmore, the Pentagon’s director of operational testing, said in January that the vessel had “cyber security deficiencies that significantly degrade operational effectiveness.”
Kendall directed the independent assessment of the Army’s mobile network last year because “cyber security vulnerabilities reduced the program’s operational capability and could incur growth cost and schedule delays if significant changes are necessary,” the U.S. Government Accountability Office said last month in its annual review of major weapons programs.
The GAO didn’t disclose how the system could be broken into or attacked or how its use has been limited because of the risks.
The network’s vulnerability poses a difficult challenge because it’s “dependent upon the cyber defense capabilities of all mission command systems” Gilmore said in a separate report.
“General Dynamics Mission Systems is supporting the Army’s efforts” to improve cyber security “to address the constantly changing threat environment,” Carol Smith, a spokeswoman for the Falls Church, Virginia-based contractor, said in an e-mail.
Mehney said the Army program office “continues to incrementally enhance” the network’s “cyber-protection capability with additions of a new firewall” and other changes “to ensure the system is less vulnerable to external threats.”