Arrogance Has No Place in Security

  • 1. The contracting process for sophisticated equipment like a drone takes a long, long time from the initial idea to the actual product being employed. When the contract was written and put in place, security may not have been an issue, or the security specifications in the contract may have been obsolete by the time the drone was fielded.

    Your premise on the process may be correct, but let's not forget drones are Israeli-grown technology that was improved by the US for the same use, just longer range, so the security implementation oversight of no encryption remains.

    Kind regards,
    Gift Peddie

  • Mcaporale makes five good points, but he forgets #6 - the chosen contractor will be the one who put in the cheapest bid.

    🙂

  • Why would we use encrypted communications equipment so we don't telegraph our strategy and then let the enemy see exactly what we are looking at? Aren't the Predators armed with missiles?

    Intelligence should only be available on a need to know basis, not broadcast in the open.

  • Michael Osmond (1/27/2010)


    Hello Steve,

    Bruce Schneier has an interesting discussion about the implications (or non-implications) of this in his January newsletter http://lists.virus.org/crypto-gram-10/msg00000.html. Worth a read.

    Regards

    Michael

    Thanks, Michael. Schneier's comments were very informative, and I probably wouldn't have read them had you not provided the link.

    This seems like a classic situation where making any kinds of assumptions too quickly is probably a mistake. I think, taken together, the WSJ article, Steve's editorial, and Schneier's comments put the whole thing in perspective. I agreed with Schneier when he wrote, "Defending against these sorts of adversaries doesn't require military-grade encryption only where it counts; it requires commercial-grade encryption everywhere possible."

    I wonder whether a compromise might be available via the commercial-grade route. Basically, if there were an encryption system that was not military grade but could still on average take a determined adversary a week or more to crack, the data would usually get to them too late for it to be of the same value. Not perfect, but it might be better than the PR issues the Pentagon has to deal with and probably would cost a lot less in time and effort to build and maintain.

    Alternatively, the Pentagon could sort drones into two classes - say, routine and high-security - and reserve the encryption for the drones that are going on more sensitive missions. This could be a settable option for the drones so they don't have to build two different systems.

    Just my two cents. I'm sure this stuff is more complicated than it seems. After all, look at what happened with the Enigma machine, which the Nazis must have thought would never be cracked.

    - webrunner

    -------------------
    A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
    Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html

  • blandry (1/28/2010)


    Speaking as a former Air Force officer, your point is well taken, but unless you have lived a while in the co-joined reality and fantasy of the service, you don't understand how these things actually happen.

    Encryption is a great idea of course, but in the military as we have seen in many recorded instances, encryption is not going to save us from pure, unadulterated stupidity. Cases in point:

    When Ronald Reagan ordered a squadron of F-111s to bomb Libya, one of those planes flew off course and disappeared presumably into the sea. The F-111 (in those days) used 'slap-in' hard disks (similar to RAID drives). If some flight tech accidentally loaded the tracking data for say, Iowa - confusing that with Libya - the plane will do what it is told and... well, you know the rest of the story.

    We recently had a bomber fly across country with nuclear weapons; something that is a complete and utter "no-no". Weapon loads are marked carefully with colors to indicate ordnance. How someone confused one color with another leaves one to presume that clearly, whoever was in charge that day was color blind.

    Of course, we all know that in the first Gulf War, our first President Bush announced that the much-touted Patriot missile had a record of 42 launches, 41 kills. In fact, as the Israelis reported after that skirmish - we did not hit a single Scud missile, and in fact, the Patriot was never designed for that task. Our record, in truth, was 42 launches, 0 hits.

    Sure, all our high tech is a potentially wonderful thing. And yes, encryption is a great idea. But the cold hard reality of pure, and utter good old stupidity should remind us that no matter how "cool", "slick" or hi tech any weapons system is, it's the human trying to use it that is the weakest link in the chain, and no amount of encryption, security, or procedures are worth squat when simple mistakes can make a mess of "smart systems".

    Just because dumb things happen doesn't mean we should design dumb in.
