Critical cybersecurity flaws were found in “nearly all” weapons systems operationally tested by the U.S. Department of Defense between 2012 and 2017 and the agency “does not know the full extent of the problems” that exist, a new report has claimed.

damning 50-page report suggested digital protections in place were “insufficient,” warned that government officials had a “false sense of confidence in the security of their programs” and said the DOD was “just beginning to grapple with the scale of vulnerabilities” it now faces.

In its analysis, made public Tuesday, the U.S. Government Accountability Office (GAO) said hackers who had tested the systems under development could “operate undetected.” It listed example targets including flight software, communications lines and industrial control systems.

The study was conducted, the GAO elaborated, because the defense agency is currently planning to spend around $1.66 trillion to develop its weapons systems. They need to be protected from adversaries who have “advanced cyber-espionage and cyber-attack capabilities,” it said.

But the report noted: “We found that from 2012 to 2017, DoD testers routinely found mission-critical cyber vulnerabilities in nearly all weapon systems that were under development. Using relatively simple tools and techniques, testers were able to take control of these systems.”

GAO Cybersecurity Analysis