According to a recent audit, the Army, Navy, and Missile Defense Agency are having some issues with basic security. How bad is it?
[I]nvestigators found that many users did not enable multifactor authentication for their accounts
Ok, that’s not great.
[T]he network was never configured to support multifactor authentication at all.
Investigators found that systems were not patched for vulnerabilities discovered and fixed in 2016, 2013, and even going as far as back as 1990.
[T]he server rack was unlocked even if the rack featured a sign stating that the server door must remain locked at all times.
At least that one is kind of funny.