Slashdot Mirror

← Back to Stories (view on slashdot.org)

Air Force Network Admins Found Out About Drone Virus Through News Story

Posted by Soulskill on from the right-wing-doesn't-know-what-left-wing-is-doing dept.

Nemesisghost writes "Wired's Danger Room reports that the network admins of the 24th Air Force found out about the virus infecting the drone cockpits at Creech Air Force Base in Nevada by reading the earlier news article. Quoting: 'Not only were officials in charge kept out of the loop about an infection in America’s weapon and surveillance system of choice, but the surprise surrounding that infection highlights a flaw in the way the U.S. military secures its information infrastructure: There’s no one in the Defense Department with his hand on the network switch. In fact, there is no one switch to speak of. The four branches of the U.S. armed forces each has a dedicated unit that, in theory, is supposed to handle cyber defense for the entire service. ... In practice, it’s not that simple. Unlike most big private enterprises, the 24th doesn’t have a centralized system for managing and monitoring its networks. There’s no place at the 24th’s San Antonio headquarters where someone could see all the digital traffic hurtling through the service’s pipes.'"

2 of 161 comments (clear)

  1. YAY by bobstreo · · Score: 5, Insightful

    Compartmentalization AND Security through obscurity.

    You can't make this stuff up.

  2. Re:Were they also surprised ... by jeff4747 · · Score: 4, Interesting

    No, because that is intentional.

    If you encrypt it, you have to distribute the decryption keys. That's not a trivial task when you're talking about military situations. You have to deal with unreliable communications, the possibility of a unit being overrun and keys captured, and distributing new keys regularly over a very wide area to units from several countries. Now remember that any of these problems don't merely cause downtime, but get troops killed.

    Or you just transmit the video unencrypted.

    The assumption was any adversary sophisticated enough to receive the video would also have the minimal radar and signals capabilities to detect the presence of the drones anyway, so the video itself would not be all that helpful.

    That assumption doesn't hold with the conflicts we are currently fighting, so they're trying to figure out if it's sufficiently worthwhile to encrypt the data with the problems that would cause.