Hacking risks found in Army's $12 billion WIN-T Increment 2 mobile network

In a 2011 file photo, a 2nd Brigade, 1st Armored Division soldier demonstrates Warfighter Information Network-Tactical (WIN-T) Increment 2 and Mission Command on the move applications during the Network Integration Evaluation (NIE) 12.1.


By TONY CAPACCIO | Bloomberg News | Published: April 22, 2016

A $12 billion mobile Internet network that the U.S. Army is using in Iraq, Afghanistan and Africa has significant cybersecurity vulnerabilities that were found in combat testing.

After a review ordered by the Pentagon's chief weapons buyer, the Army and contractor General Dynamics Corp. are working to improve the systems already in the field and to embed updates into networks that will be deployed through 2028, according to the service.

The assessment conducted by Johns Hopkins University and the Army Research Laboratory "recommended both improvements to user training techniques and procedures and hardware and software enhancements to harden against the cyberthreat," Army spokesman Paul Mehney said in an e-mail. Citing security concerns, he said he couldn't comment on "specific improvements to operational units."

The WIN-T Increment 2 network made by General Dynamics is designed for secure on-the-move voice, data and image transmissions from brigade commanders down to company-level vehicles tearing through terrain. It's already deployed to 11 of the Army's 32 combat brigades. Frank Kendall, the Defense Department's acquisitions chief, approved full production in June.

The network is the latest defense system found to have major cybersecurity vulnerabilities.

One high-profile example is the Navy's Littoral Combat Ship that's designed to perform mine-clearance, submarine-hunting and surface warfare. Michael Gilmore, the Pentagon's director of operational testing, said in January that the vessel had "cybersecurity deficiencies that significantly degrade operational effectiveness."

Kendall directed the independent assessment of the Army's mobile network last year because "cybersecurity vulnerabilities reduced the program's operational capability and could incur growth cost and schedule delays if significant changes are necessary," the U.S. Government Accountability Office said last month in its annual review of major weapons programs.

The GAO didn't disclose how the system could be broken into or attacked or how its use has been limited because of the risks.

The network's vulnerability poses a difficult challenge because it's "dependent upon the cyberdefense capabilities of all mission command systems" Gilmore said in a separate report.

"General Dynamics Mission Systems is supporting the Army's efforts" to improve cybersecurity "to address the constantly changing threat environment," Carol Smith, a spokeswoman for the Falls Church, Virginia-based contractor, said in an e-mail.

Mehney said the Army program office "continues to incrementally enhance" the network's "cyber-protection capability with additions of a new firewall" and other changes "to ensure the system is less vulnerable to external threats."