U.S. Air Force Predator drone flying over the skies of Afghanistan and Pakistan
Officials at Creech Air Force Base in Nevada knew for two weeks about a virus infecting the drone “cockpits” there. But they kept the information about the infection to themselves — leaving the unit that’s supposed to serve as the Air Force’s cybersecurity specialists in the dark. The network defenders at the 24th Air Force learned of the virus by reading about it in Danger Room.
The virus, which records the keystrokes of remote pilots as their drones fly over places like Afghanistan, is now receiving attention at the highest levels; the four-star general who oversees the Air Force’s networks was briefed on the infection this morning. But for weeks, it stayed (you will pardon the expression) below the radar: a local problem that local network administrators were determined to fix on their own.
A source involved with Air Force network operations says:
“It was not highlighted to us. When your article came out, it was like, ‘What is this?’”
The drones are still flying over warzones from Afghanistan to Pakistan to Yemen. There’s no sign, yet, that the virus either damaged any of the systems associated with the remotely piloted aircraft or transmitted sensitive information outside the military chain of command — although three military insiders caution that a full-blown, high-level investigation into the virus is only now getting underway.
Nevertheless, the virus has sparked a bit of a firestorm in military circles. Not only were officials in charge kept out of the loop about an infection in America’s weapon and surveillance system of choice, but the surprise surrounding that infection highlights a flaw in the way the U.S. military secures its information infrastructure: There’s no one in the Defense Department with his hand on the network switch. In fact, there is no one switch to speak of.
The four branches of the U.S. armed forces each have a dedicated unit that, in theory, is supposed to handle cyber defense for the entire service. The 24th Air Force, for example, “is the operational warfighting organization that establishes, operates, maintains and defends Air Force networks,” according to a military fact sheet. These units are then supposed to provide personnel and information to U.S. Cyber Command, which in turn is meant to oversee the military’s overall network defense.
In practice, it’s not that simple. Unlike most big private enterprises, the 24th doesn’t have a centralized system for managing and monitoring its networks. There’s no place at the 24th’s San Antonio headquarters where someone could see all the digital traffic hurtling through the service’s pipes. In fact, most of the major commands within the Air Force don’t have formal agreements to carry each other’s network traffic. (The 24th Air Force did not immediately respond to requests to comment for this article.)
Vince Ross, the program manager of the Air Force Electronic Systems Center’s Cyber Integration Division, said in March:
“We’d never managed the entire Air Force network as a single enterprise. That meant there was no centralized management of the network, that systems and hardware weren’t standardized, and that top-level commanders didn’t have complete situational awareness.”
The plan is to one day integrate all that infrastructure into a single Air Force network. But for now, it’s largely cybersecurity by the honor system. Each base and each unit in the Air Force has its own geek squad. They only call for help if there’s a broader network problem, or if they’re truly stumped.
That didn’t happen when a so-called “keylogger” virus hit Creech more than two weeks ago.
A second source involved with operating the Air Force’s networks said:
“Nothing was ever reported anywhere. They just didn’t think it was important enough. The incentive to share weaknesses is just not there.”
Not even when that weakness hits the robotic weapons that have become the lynchpin for American military operations around the planet.
COMMENTARY: In blog posts dated February 7, 2011 and August 25, 2011, I profiled the United States Cyber Command (USCYBERCOM or CYBERCOM), the central command of the four U.S. military branches, which is entrusted with protecting the nation's computer networks and high-security systems against cyberattacks.
This is not the first time that the security of U.S. drone operations has been compromised. On December 17, 2009, The Wall Street Journal reported that militants in Iraq had used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with the information they need to evade or monitor U.S. military operations.
Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.
The weakness reported in December 2009 lay in an unencrypted video downlink between the unmanned aircraft and ground control: anyone who could receive the satellite signal could decode the feed without ever touching the aircraft or the ground station. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said.
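The failure mode described above, and the data-layer fix it calls for, as an added example that is not part of the Wired article or of this commentary: a simulated downlink in Go in which a passive receiver recovers the video from the legacy link exactly as sent, while a link sealed with AES-GCM under a key shared out of band yields it nothing, and the ground station additionally rejects a tampered frame and a replayed one. The key, payload, frame layout and names (eavesdrop, aircraftLink, groundStation, RunScenario) are all constructed for this example; nothing here describes the Predator's actual link or key management.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// eavesdrop models a SkyGrabber-style tool: it only decodes what is on the
// carrier, and everything on the carrier is readable by any receiver in the
// satellite footprint. It never has to talk to the aircraft or the ground station.
func eavesdrop(frame []byte) []byte { return frame }

// nonceLen is the clear 12-byte header: it carries a big-endian frame counter,
// doubles as the AES-GCM nonce, and is bound to the ciphertext as associated data.
const nonceLen = 12

// aircraftLink is the sender. The key is loaded out of band before the sortie
// (assumed here); the counter must never repeat under one key, which GCM cannot survive.
type aircraftLink struct {
	aead cipher.AEAD
	seq  uint64
}

// Seal builds the on-air frame: counter || ciphertext || 16-byte GCM tag.
func (a *aircraftLink) Seal(video []byte) []byte {
	a.seq++ // counters start at 1; 2^64 frames is unreachable, but rekey per sortie regardless
	hdr := make([]byte, nonceLen)
	binary.BigEndian.PutUint64(hdr[4:], a.seq)
	out := append(make([]byte, 0, nonceLen+len(video)+a.aead.Overhead()), hdr...)
	return a.aead.Seal(out, hdr, video, hdr)
}

// groundStation is the receiver. It refuses frames whose tag fails (tampered,
// truncated or wrong key) and replays; lastSeq advances only after the tag
// verifies, so a forged counter cannot lock out genuine frames.
type groundStation struct {
	aead    cipher.AEAD
	lastSeq uint64
}

func (g *groundStation) Open(f []byte) ([]byte, error) {
	if len(f) < nonceLen {
		return nil, errors.New("frame too short")
	}
	hdr := f[:nonceLen]
	seq := binary.BigEndian.Uint64(hdr[4:])
	if seq <= g.lastSeq {
		return nil, errors.New("replayed or reordered frame")
	}
	video, err := g.aead.Open(nil, hdr, f[nonceLen:], hdr)
	if err != nil {
		return nil, fmt.Errorf("authentication failed: %w", err)
	}
	g.lastSeq = seq
	return video, nil
}

// Result: what the eavesdropper recovers from each link, and whether the
// hardened receiver catches a tampered and a replayed frame.
type Result struct {
	LegacyLeaked, HardenedLeaked, TamperRejected, ReplayRejected bool
	Recovered                                                    []byte
}

// RunScenario drives both links with a constructed key and video payload
// (sample data for this example, not real link parameters).
func RunScenario() (r Result, err error) {
	key := bytes.Repeat([]byte{0x42}, 32) // placeholder; real keys come from a fill device
	video := []byte("constructed sample: H.264 NAL unit, 14:02Z")
	r.LegacyLeaked = bytes.Equal(eavesdrop(video), video) // legacy link: video sent as-is
	block, err := aes.NewCipher(key)
	if err != nil {
		return r, err
	}
	aead, _ := cipher.NewGCM(block) // only fails for a non-128-bit block size; AES qualifies
	ac := &aircraftLink{aead: aead}
	gs := &groundStation{aead: aead}
	frame := ac.Seal(video)
	r.HardenedLeaked = bytes.Contains(eavesdrop(frame), video)
	tampered := append([]byte(nil), frame...)
	tampered[nonceLen] ^= 0x01 // flip one ciphertext bit in flight
	_, err = gs.Open(tampered)
	r.TamperRejected = err != nil
	if r.Recovered, err = gs.Open(frame); err != nil {
		return r, err
	}
	_, err = gs.Open(frame) // same frame again: must be refused
	r.ReplayRejected = err != nil
	return r, nil
}

func main() {
	r, err := RunScenario()
	fmt.Printf("err=%v legacy_leaked=%v aead_leaked=%v tamper_rejected=%v replay_rejected=%v recovered=%q\n",
		err, r.LegacyLeaked, r.HardenedLeaked, r.TamperRejected, r.ReplayRejected, r.Recovered)
}
```

Two caveats for anyone adapting this: the single high-water-mark counter check drops any frame that arrives out of order, so a lossy satellite link would use a sliding replay window instead; and encryption only denies the eavesdropper the content, it does nothing about an adversary who merely wants to detect or jam the carrier.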
In December 2008, U.S. military personnel in Iraq discovered copies of Predator drone feeds on a laptop belonging to a Shiite militant, according to a person familiar with reports on the matter. This person said:
"There was evidence this was not a one-time deal."
The U.S. accuses Iran of providing weapons, money and training to Shiite fighters in Iraq, a charge that Tehran has long denied.
Let's just hope that the Iranians, Pakistanis, jihadists, Taliban or other terrorists do not use our own drones to attack our guys.
Courtesy of an article dated October 11, 2011 appearing in Wired