Slashdot Mirror
Air Force Network Admins Found Out About Drone Virus Through News Story
Nemesisghost writes "Wired's Danger Room reports that the network admins of the 24th Air Force found out about the virus infecting the drone cockpits at Creech Air Force Base in Nevada by reading the earlier news article. Quoting: 'Not only were officials in charge kept out of the loop about an infection in America’s weapon and surveillance system of choice, but the surprise surrounding that infection highlights a flaw in the way the U.S. military secures its information infrastructure: There’s no one in the Defense Department with his hand on the network switch. In fact, there is no one switch to speak of. The four branches of the U.S. armed forces each has a dedicated unit that, in theory, is supposed to handle cyber defense for the entire service. ... In practice, it’s not that simple. Unlike most big private enterprises, the 24th doesn’t have a centralized system for managing and monitoring its networks. There’s no place at the 24th’s San Antonio headquarters where someone could see all the digital traffic hurtling through the service’s pipes.'"
Compartmentalization AND Security through obscurity.
You can't make this stuff up.
When nuclear weapons were new, each branch of the military tried to become the 'nuclear' arm by introducing new weapons systems and trying to impress politicos with how they should be the ones with the budget and prestige. We don't need multiple branches of cybersecurity forces, we need one branch that can handle it all. Time to dump the military romanticism of the 18th century that divides our military into earth/water/air/fire/heart and reorg. Hell, maybe we even need another side to the Pentagon for cyberwarfare.
Ok, is this what they meant by downgraded provisional cyber command? As in, a room with pictures of maps on big flat screens and no actual command of anything? If this is the best the most elite hackers our military can muster, then I think my wife should try and apply. She knows how to use Excel pretty well.
This has nothing to do with taxes.
The military finds funding when it needs it.
This is mostly a failure of leadership.
Unless something comes from the top down, their networks will remain a group of islands.
It took a 9/11 for us to reform our intelligence sharing and it'll probably take the internet equivalent before the military to puts their house in order.
[Fuck Beta]
o0t!
There are some things that are just embarrassing though. This is one of them. The F22's avionics systems crashing due to crossing the international date line is another. It raises serious questions about how much we trust our armed forces to properly handle security.
I used to think that the stuxnet virus had a few oversights that were well beyond the incompetence level of the US government (the P2P update feature with hard-coded password being one) but this sort of thing suggests that in fact, when it comes to technology, the US government has no competition in the field of incompetence.
LedgerSMB: Open source Accounting/ERP
No, because that is intentional.
If you encrypt it, you have to distribute the decryption keys. That's not a trivial task when you're talking about military situations. You have to deal with unreliable communications, the possibility of a unit being overrun and keys captured, and distributing new keys regularly over a very wide area to units from several countries. Now remember that any of these problems don't merely cause downtime, but get troops killed.
Or you just transmit the video unencrypted.
The assumption was any adversary sophisticated enough to receive the video would also have the minimal radar and signals capabilities to detect the presence of the drones anyway, so the video itself would not be all that helpful.
That assumption doesn't hold with the conflicts we are currently fighting, so they're trying to figure out if it's sufficiently worthwhile to encrypt the data with the problems that would cause.
Not much. They use proxies and whitelists. Your average elementary school is less locked down than the military networks.
If you're going to claim incompetence on their part, you could at least RTFA. Portable hard disks used to transfer map updates from network-connected systems to the isolated network where the drones operate.
No, you're talking about distribution of the keys on the drones. That isn't a problem, since the drones return to a relatively safe base regularly.
What is a problem is you want the soldiers on the ground to be able to see the video, any time, under fire or not, even if their network connection has been down for months, even if they belong to another nation.
It's not easy to enter a new key while someone's dropping mortar rounds all around you, assuming you can even get the correct people on the radio.
Transmit unencrypted video and that problem goes away. Which is why they chose to do so.
Considering that defense, customs and border control are some of the few items actually set out in the Constitution as important activities of the federal government, that's probably a reasonably good thing. (Not to say that it's being done right now, I'm just sayin'). IIRC, for most of US history Defense was well over 1/2 of the total federal budget. Now it's somewhere close to 20%.
In the 1950s the entire Interstate Highway System was justified on defense grounds - the height of overpasses was set to allow military vehicles and missile carriers to go through.
The plain fact is that without borders and defense, we don't have a nation-state. EVERYTHING else is frosting on the cake. Is it being done right, effectively, etc.? Separate question. Should we be the policeman for the whole world? Nearly every other nation has wanted us in that role since WWII including many so-called counter parties like Russia and China. (Notable exceptions are of the ilk of North Korea, etc.) They often don't like the way we do it, but they distrust every other nation even more - and they certainly don't want the UN to have that kind of power any more than we do.
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
I am.
The fact that they don't have a means of broadcasting alerts to the technicians is a sign of an absolutely scary level of incometence.
Are the launch codes for the nuclear arsenal as well protected and monitored as the drones? If so, the entire world should be terrified of American incompetence.
I do not fail; I succeed at finding out what does not work.
What you've just suggested is the same error clueless bureaucrats make about technology, except in reverse; the other side of the same coin.
PHBs who have no idea how computers or networks work say to organize or administrate them in a way that makes sense for organizing tangible items with physical problems, but utterly fails when applied to computers.
You have suggested organizing the branches of the military according to the way a computer network should be organized. Worse, you've suggested this not only regarding the branches' computer networks, but also regarding military operations.
Not only do you ignore the inter-service cooperation that already exists, but you ignore the pointless extra division that your idea would entail, like having AF pilots flying aircraft off carriers or flying Blackhawks full of Army troops. In both cases, the AF pilots would be working exclusively with members of the other branch, so what would the point be of having them under a different CoC? They'd end up assigned to TDY under another branch...in which case they might as well be in that branch in the first place. It really doesn't help unit cohesion to have artificial divisions between, e.g. the chopper pilots and the troops they carry around and support.
Are you even aware that the Marines are under the Department of the Navy? Sheesh.
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."