Slashdot Mirror
US Nuclear Missile Silos Use Safe, Secure 8" Floppy Disks
Hugh Pickens DOT Com (2995471) writes "Sean Gallagher writes that the government built facilities for the Minuteman missiles in the 1960s and 1970s and although the missiles have been upgraded numerous times to make them safer and more reliable, the bases themselves haven't changed much and there isn't a lot of incentive to upgrade them. ICBM forces commander Maj. Gen. Jack Weinstein told Leslie Stahl from "60 Minutes" that the bases have extremely tight IT and cyber security, because they're not Internet-connected and they use such old hardware and software. "A few years ago we did a complete analysis of our entire network," says Weinstein. "Cyber engineers found out that the system is extremely safe and extremely secure in the way it's developed." While on the base, missileers showed Stahl the 8-inch floppy disks, marked "Top Secret," which is used with the computer that handles what was once called the Strategic Air Command Digital Network (SACDIN), a communication system that delivers launch commands to US missile forces. Later, in an interview with Weinstein, Stahl described the disk she was shown as "gigantic," and said she had never seen one that big. Weinstein explained, "Those older systems provide us some, I will say, huge safety, when it comes to some cyber issues that we currently have in the world.""
"I've never seen a floppy that big!"
"Wait til you see it spinning."
They say 8", but their wives privately shared that they were only 6" on a good day.
The silo wins the security battle through two things:
1) Physical security
2) Not being on the Internet
Yes, it's old stuff. Who cares? Nobody can touch it, and it's not on the global network. Not much else is required.
I see no downside to this. There's no reason for our nuclear silos to be networked or to run modern hardware. If it works, don't fix it.
Related: anyone remember in the pilot of the Battlestar Galactica remake how they explained that the reason there was all that old tech (phones with cords, manual doors) aboard a starship made with technology hundreds of years superior to our own was that they designed it that way on purpose to prevent hacking? Kinda makes you wonder--if there's actually a cyber warfare component to the next major conflict, will the military tech that's developed afterwards end up resembling 1970s (or earlier) era hardware more so than the "futuristic" tech you see in most modern SF?
You have to admit, the old hardware makes it hard for some random officer to violate the air gap by plugging in his USB-using cellphone.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Not so much. This is actually more along the lines of "If it aint broken, don't fix it".
Some systems are so deeply entrenched that replacing them often becomes a nightmare and you are not necessarily gauranteed with a more stable, robust replacement system.
Even though some of these systems are old, they are often very very stable.
Loving the sarcasm, but seriously, these antiquated systems are probably a lot more secure than many modern systems. After all, it's next-to-impossible to hack one of these missile control systems if they're not connected to the internet and code must be loaded on 70's era floppy disks (which are next-to-impossible for Joe Bloggs to get hold of)
Sure, it's terrible energy-inefficient, and the support costs must be through the roof, but i'm more comfortable knowing that the missile control systems are running on pre-internet (and even ARPANET?) systems. It means the many enemies of the US cannot just hack into the missile control systems and start armageddon. No internet, no hacking, no problem.
If you gave me a choice between a printer and a giraffe with explosive diarrhoea, i'll get my ladder and my raincoat
Yes, there are. I have one, and a Catweasel controller that can read and write basically any format on it.
The 8 inch standard format is very similar to the 1.2MB 5.25 inch format. Actually, it's the other way around, as when IBM built the PC AT and the high-density drives for it they apparently intentionally made the formats nearly identical. They're so close that computers that use 8 inch diskettes can typically be modified to run with 1.2MB HD 5.25 drives and media with only a new controller to drive cable and new drive power supply (8 inch drives typically take either AC mains power to run the spindle or 24VDC, and 5.25 drives take 12VDC to run the spindle). See http://nemesis.lonestar.org/co... for some tech info on how to do this with one of the first multiuser 'personal' computers, the Radio Shack TRS-80 Model 16 (and descendents the 16B and the 6000). Also see http://www.dbit.com/fdadap.htm... for the 'proper' adapter board.
8 inch diskettes are famously reliable with good quality media, and the bits aren't packed so densely that an EMP event will wipe them out, as long as they're in a faraday cage with sufficient attenuation and power handling capacity.
Current production high-density PC FDC's can easily handle the 8 inch drive with the proper adapter cable, but the number of supported formats is small. More flexible is the USB interfaced Kryoflux, and the PCI Catweasel MK3 and MK4 (the Kryoflux is currently in production and available for purchase; the Catweasels have been out of production for a while and are a bit difficult to obtain last I checked; I bought my MK4 from amigakit.com, but they appear to only have the Amiga-specific MK2's in stock.
Actually, it does. The fact that you cannot load data on these machines using a USB device does mean that they are more secure. The fact that anybody carrying around something that would allow them to quickly and easily load software (whether malicious or not) onto these machines would be obvious to anyone watching them does in fact increase security. The security does not come from the fact that the hardware is old, but from the fact that attempts to load software onto it are obvious. And on the software side it is not the fact that it is old that adds security, rather it is that the people who are knowledgeable enough about it to hack it are extremely rare. In both cases, these facts are a result of them being old, but the age is not what he is claiming makes them more secure. Rather it is a side effect of them being old.
The truth is that all men having power ought to be mistrusted. James Madison
Actually, you're wrong.
These old networks are airgapped in so many ways, not just by removing the CAT6 to the Internet. The disks themselves are airgapped, as they're not constantly in systems which can read them; likewise, there's a huge airgap between a spy and a reader: if the disks are stolen, they need a huge honkin' machine to read them, or they need to use base facilities which have cameras and guards. Further, the media is low-density: you need to physically transport a truckload to get what fits on a modern CD-R, much less on a 64GB microSDHC.
Just as with 1000 iteration hashing, these large systems impose a time limitation on mass copy. If you want to access this top-secret file, it's merely 15kB of text stored on a 40kB disk. If you want to steal the wealth of information archived here, you must find the disks you want and then copy each of them. If you want it all, you must spend weeks if not months copying each individual disk to a portable flash drive.
There are some real difficulties involved in stealing this much data in this form. That provides a layer of security by requiring high-visibility or excessively slow methods of data access, both of which sharply increase risk in espionage. You are more likely to catch and interrupt any significant espionage attempt in this model than in a model where we put all our stuff on a USB drive that's taken to a modern machine in a secure room.
Support my political activism on Patreon.
I have a TRS-80 Model 4p at home that has two built-in 8" drives.
This guy is one of the greatest threats to the US Minuteman missile system.
Finally had enough. Come see us over at https://soylentnews.org/
Its not security via obscurity because the real security doesn't rely on the lack of 8" floppies. The real protection is a) not being hooked up to the internet, b) lots of doors & guys with weapons standing between you and the control station. But I guess if some airforce commander throws a few bones to a dumb journalist and has a laugh about it back at the club with the boys, is that obscuring the real security?
I used to work for SAC, specifically on SACDIN. I was a programmer for the system, but turned into network admin when they told us to complete the air gap and setup an offline network just for the source code, testing and administration of the system. I am not sure how much I am allowed to say, as my security clearance restricts me for like 75 years or something. But since most of what I will tell you can already be found here: http://www.fas.org/nuke/guide/..., I figure I won't get a knock on the door.
SACCS and SACDIN are nearly the same, often interchanged in terminology. Most of us called it SACCS. We were the BALLS. That kind of stuff went on and on... it never got old.
The systems are not nearly as outdated as you think. The endpoints are old, but the stuff in the middle is much newer. The code is reviewed every 6 months. There is probably code in there from the 60's, but it has been reviewed hundreds of times. There is new stuff and changes all the time.
There are modern computers that the programmers code with. There are modern computers in the links from SAC to silo. They are hardended and locked down, but let's be honest, the airmen have physical access. That's why you need a clearance just to touch the computers that make the code that runs the network.
That's all I have to say about that.
I finally updated my sig, but now it's lame.
Since it is secure via remote hack and secure again a USB drop, then your only remaining option is a local intrusion.
That is when the guys with guns come in handy, and the military is good at that. :)
Are places like Ft. Hood secure? No. Is a nuclear missile silo secure? I dam well hope so...
If not, then I'd agree there is a problem.
On site, just open a panel, swap out a cable, bypass the whole control system.
Just so you know, when you open that panel, you're dead. They have antipersonnel mines built in, in case of unauthorized access to the panel. ICBM security doesn't fuck around.
This is the sort of security that involves lethal countermeasures, and yes, they thought of that. That too. There were geeks involved in the planning, so that other thing you think is clever? Lethal countermeasures.
Socialism: a lie told by totalitarians and believed by fools.