The Air Force has staked its future on unmanned aerial vehicles commonly referred to as drones.
This week information became public that video feeds from the drones used in Afghanistan had been intercepted. One defense official openly stated that there is a risk when using drones given they are remotely operated and use bidirectional controls based on the video feed and other data that is sent to remote locations that operate the drones.
Those characteristics are not the problem! While the DoD scurries to encrypt the drones video feeds in Iraq, Afghanistan and Pakistan to eliminate this leak, it goes to prove once again that Security is built in and should not be bolted on later. Decade-old components currently in use are and will be a challenge to encrypting the feeds.
The Global Information Grid (GIG) in operation for over 25 years old, is not up-to-date and does not have the latest technologies like many of the militaries systems. When the GIG and other systems were designed and placed into operations, cyber attacks and the threat of cyber warfare was nowhere near the threat it is today and not considered to be part of the critical design criteria.
This is one example why we estimated the DoD will need to spend approximately $65 billion between 2009– 2012 to address cyber attack vulnerabilities and upgrade their critical systems.
FACT: December 2008 — U.S. military personnel in Iraq discovered copies of Predator drone feeds on a laptop belonging to a Shiite militant.
FACT: SkyGrabber a commercially available software package from Russian company SkySoftware was one of the applications that enabled the capture of the video feeds.
FACT: Drones account for 36% of the planes in the service’s proposed 2010 budget.
{ 23 comments… read them below or add one }
just because they seem to live in the 12th century doesn't mean they can't adapt… the best example being the muji's fighting ability before the Russians and after the Russians. Trained by America's best.
$65 Billion? From what budget?
That is the problem – no one knows where we can get the money. Add to that the cost to secure our critical infrastructure and the cost becomes even larger and a bigger budget issue.
Come on Kevin,
We don't have 65 Billion dollars. Don't you know we're trying to give insurance to 30 Million illegals over here? Priorities first!
Bwahahahahhahahhaa
It is this attitude that has put us behind in the Cyberwar. It is simple enough to encrypt signals, and ALL military communications should be encrypted.
Thank goodness it seems to be just the downfeed that they hacked. Imagine if it was the uplink and the terrorists gained control of predators with live hellfire missiles…. I also wonder if the new RQ-170 was susceptible.
This is just sickening Kevin…
Ptsfp
I agree. We are much better what our current state and actions would lead you to think! Security is built in not bolted on. Encryption should be one layer of security and have been there from the beginning. In the design phase we need to ask if we were on the other side, how would we attach these systems and harden the accordingly.
The RQ-170 isn't really all that "new", maybe to the media but not to anyone in the industry.
Honestly, i'm surprised this (the signal capture, can't really call it a "hack" because it's readily available for those who can to snatch the feed out of the sky) has been kept quiet as long as it has since we've known about this for quite a while now, and have seen little to no impact on operations since.
This is apart of a well known problem of updating our current cyber/OPSEC abilities and practices that's going to take a huge chunk of money, and time.
Price, I have to agree with Kevin on this one, security should have been thought of in the design. Secure computer communication encryption techniques existed in 1995 when the predator went live.
DES (Data Encryption Standard) existed in 1975… The standard was created by IBM at the government's request to encrypt non-classified sensitive information. Triple DES (A much more secure version) was released in 1998.
An unencrypted signal should never have been available to snatch out of the air in the first place. If cyber security/ practices were more of a priority from day one, we would not have to be spending money we don't have to upgrade. Sadly, even to this day, security is put on the back burner and even cut out to meet budget restraints.
Ptsfp
To me this is almost unbelievable. Not in the sense they could buy this software, but that no one thought to anticipate this and avoid the situtaiton completely.
someone dropped the ball.
The difference between a good army and a bad one is – ADAPTABILITY.
How quickly will we remedy these types of oversights? That will determine who wins and who loses.
BTW – great opportunity for disinformation!
Good Morning Folks,
There seems to be two problems at play here. The first is the use of aging bandwidth and communications protocol, 802.11(?) . This is part of an over all DoD problem in this area of communications. The solution is to get rid of the backward compatibilities with sixty year old communication equipment and move into the digital age.
True the bad guys such as the Pyrates have discovered the old short wave bands in the (5khz.-50khz.) range, and are using it, but that can be dealt with on a case by case basis.
The second issue, and this is for all you Clinton haters out there is the selling of military set aside bandwidths back in the 90′s, remember the auctions that became giveaways to the wireless companies? Many of these “useless chunks” of bandwidth that had been set aside after WWII for the military, were encroached upon and sold, well almost give away in reality, we are now reaping the consequences of those sales.
To the credit of the military of the era many advised strongly against these sales, but the Clinton Administration wasn’t listening. It is noted that after Clinton left office many of those with in the administration went to work for the wireless companies that bought these bandwidths.
Anymore technical debate I will let some of you younger guys pick up on. My information most likely is to old to be anything more then a generalization. Besides I get in trouble if I say to much.
ALLONS,
Byron Skinner
Hey Byron, its not just a Clinton issue – the sale of bandwidth continues to this day. Spectrum is big business for the nation, and usually bad for the military. Recall the recent switch away from analog television? That's because there's a market for those frequencies. The recent push for 3G cell phone communications also included a sale of military-related bandwidth.
This doesn't have anything to do with bandwidth, or frequency selection, it has EVERYTHING to do with some MORON ever even thinking in the first place that designing a surveillance system that sends out unencrypted feeds is an acceptable idea. UN, FREAKING, BELIEVABLE.
Kevin, edit your material. This was horribly written.
Sorry it was rushed out to get people talking
WTF i agree wit others some one didnt drop the ball though. They spiked the ball and shot it with a 12ga.
This is the reason so many have wondered at switching to drones for everything.
If they can do this imagine what the chinese or russians could do. And who thinks they wouldnt sell the info?
I love this. The military releases info about a security breach AFTER THE PROBLEM HAS BEEN CORRECTED and people act like it's the end of the world. When fixing a known problem would be a huge hassle, when the enemy hasn't exploited that known problem for several years (that's the kicker – the bad guys guys were clueless for YEARS) and when the consequences of that exploitation are minor (and any explotative action taken on their part could be exploited by us in turn), waiting to fix things until when/if the bad guys catch on is really pretty understandable.
No missions were compromised, no bad guys got any actionable intel (we may have bored them to death) or new info on us they didn't already have, no friendlies were hurt, corrective action has been taken, move along folks.
The AP article mentions that this was a consequence of the use of commercial, of the shelf technology. While security should be built in rather than added later as Coleman mentions, sometimes you'd rather have the imperfect now rather than the perfected later. There's no question the MQ-1s & MQ-9s are worth so much that a few com intercepts are an acceptable trade-off. Especially since these are only com intercepts, not loss of control.
US forces are traditionally less than careful about com security. It starts with little things like unit commanders always having the unit call sign + "6" as their personal call sign.
Good Morning Folks,
I totally agree with “I Love this.”, it appears to be “much to do about nothing”. Problem discovered, problem dealt with, end of story. It appears that the video interception happened in Iraq in the 04-05 period and didn’t involve any data or audio intercepts. The video was compressed and would from the samples I’ve seen of little value. Goggle Earth would provide far more usable information to terrorists.
Here’s some fun, if your bored this weekend. Of you have a laptop with wireless, turn on its wireless search mode and cruse around the neighborhood and tap into all the unprotected wireless routers and local networks, I wouldn’t be surprised that you would find out what everybody is getting for Christmas.
ALLONS,
Byron Skinner
Wow… they actually were using communications that just anybody could tap into with virtually no effort? Seriously?
you know, all the stories have mentioned that these guys were supported in this by Iran. How do we know that? What is the link?
I dont doubt it or anything, I just wonder how they came to that conclusion. Does anyone have some info?
Someone ought to pay a heavy price at the Pentagon for this bit of stupidity. But sometimes stupid people are promoted precisely BECAUSE they are stupid, so I don't expect anything to happen. It's a shame.
I am a ltitle confused as to how this happens. End point encryption is only expensive in the box not the band and even cheap (sub $1) CPUs on todays market could handle just enough encryption to make the data useless. (Time being a key factor in intel).