Reading this article about insurgents hacking into the US drones in Iraq.
It had me all excited. I thought it would be just like the video games except you get to blow up real live insurgents. Or in the insurgents case they get to blow up our soldiers which is not so good.
Fortunately, for our side it’s not quite what it seems. All they have done, and it is available to anyone, is tapped into some video transmissions from the satellites. Nothing spectacular but instead of watching porn like everyone else does they get to watch their buddies being sent off to paradise. It must be difficult for them to take the feeds and line them up with ground targets to see what the pilots are seeing. Not impossible though.
So I would imagine some programme manager back in the US is explaining that to save some money they decided not to encrypt the video downloads but only the control interfaces. At the time it probably seemed a good idea. It wasn’t controlling the drone or giving out classified information, it was unlikely anyone would find the data and it costs money to put in encrypted links of that bandwidth. So risk low and cost high to mitigate. Only problem, for him, is that an easy solution came along to enable anyone to find the link. So now it is all over the news and making the US Air Force looking stupid.
So end result is that a few bad guys may have escaped because they were warned drones were in the area. The US has an emergency upgrade on it’s comms links to make and some poor programme manager is even now trawling minutes to see if it was security that made the decision or just accepted his risk assessment. If you are reading this I can tell you from experience no matter what is in the minutes you are on your own. Just ensure you err on the side of caution in the future and don’t try and save money where security is involved.
Hindsight, it’s a wonderful tool for analysing problems.
Sometimes you can't win
Reading this article about insurgents hacking into the US drones in Iraq.
It had me all excited. I thought it would be just like the video games except you get to blow up real live insurgents. Or in the insurgents case they get to blow up our soldiers which is not so good.
Fortunately, for our side it’s not quite what it seems. All they have done, and it is available to anyone, is tapped into some video transmissions from the satellites. Nothing spectacular but instead of watching porn like everyone else does they get to watch their buddies being sent off to paradise. It must be difficult for them to take the feeds and line them up with ground targets to see what the pilots are seeing. Not impossible though.
So I would imagine some programme manager back in the US is explaining that to save some money they decided not to encrypt the video downloads but only the control interfaces. At the time it probably seemed a good idea. It wasn’t controlling the drone or giving out classified information, it was unlikely anyone would find the data and it costs money to put in encrypted links of that bandwidth. So risk low and cost high to mitigate. Only problem, for him, is that an easy solution came along to enable anyone to find the link. So now it is all over the news and making the US Air Force looking stupid.
So end result is that a few bad guys may have escaped because they were warned drones were in the area. The US has an emergency upgrade on it’s comms links to make and some poor programme manager is even now trawling minutes to see if it was security that made the decision or just accepted his risk assessment. If you are reading this I can tell you from experience no matter what is in the minutes you are on your own. Just ensure you err on the side of caution in the future and don’t try and save money where security is involved.
Hindsight, it’s a wonderful tool for analysing problems.