Showing posts with label security. Show all posts
Showing posts with label security. Show all posts

Sunday, February 5, 2012

AV Week--F-35 compromised to cyber attacks

Various sources in an Aviation Week article indicate that the F-35 and some other programs have been a victim of cyber-espionage.

Before the intrusions were discovered nearly three years ago, Chinese hackers actually sat in on what were supposed to have been secure, online program-progress conferences, the officials say.

...and...

“You are on to something,” says a veteran combat pilot with insight into both the F-35 and the intelligence communities “There are both operational and schedule problems with the program related to the cyber data thefts. In addition, there are the costs of redressing weaknesses in the original system design and lots of software fixes.”

It is doubtful that there is that much that isn't known about the F-35 when certain forces of interest do threat planning.

The F-35 program may have been vulnerable because of its lengthy development. Defense analysts note that the JSF’s information system was not designed with cyberespionage, now called advanced persistent threat, in mind. Lockheed Martin officials now admit that subcontractors (6-8 in 2009 alone, according to company officials) were hacked and “totally compromised.” In fact, the stealth fighter program probably has the biggest “attack surface” or points that can be attacked owing to the vast number of international subcontractors.

There also is the issue of unintended consequences. The 2009 hacking was apparently not aimed at the F-35 but rather at a classified program. However, those accidental results were spectacular. Not only could intruders extract data, but they became invisible witnesses to online meetings and technical discussions, say veteran U.S. aerospace industry analysts. After the break-in was discovered, the classified program was halted and not restarted until a completely new, costly and cumbersome security system was in place.

As an aside, too bad that senate staffers don't have much of a clue how air power works:

“I think the biggest issue facing the JSF is that there has been a profound shift in the military’s perception of the value of manned aircraft compared to unmanned aircraft,” he says. “I’ve had long conversations with a Marine Corps forward air controller who has just returned from Afghanistan. He pointed out that an F/A-18 can be kept on call for 15 minutes, but an unmanned Reaper is there for eight hours. The day of the fighter pilot is over. There has been a seismic shift in the military’s value judgment of manned and unmanned aircraft.”

Now try that magic trick in a non-permissive air environment. It seems others are confused too:

The JSF and its mission of penetrating integrated air defense systems will not be threatened by unmanned aircraft despite cost issues, says a retired aerospace official who has been involved with the F-35 throughout its life.

Since the F-35 won't cut it against modern anti-access threats, the statement above doesn't mean much.

Saturday, October 8, 2011

Poor computer security with U.S. drones

If this article is correct it is disturbing in that they seem to have no solid and tested disaster recovery process (DR).

They don't appear to know about how to reimage computers quickly to put them back in action (also part of a tested and documented DR process).

They don't seem to know process of how to deal with these kinds of threats properly. And still let the virus reside on the system even though they do not know what it does and including the fact that the feed that they use is not always encrypted?

I will save the best for last; it makes no sense to use Windows systems (no matter what a contractor says )for this kind of work when there are very good Unix and Linux systems that can be built from scratch including of course good security behaviour you want built into the kernel.

Unreal. I hope the article is an exaggeration.

Wednesday, May 18, 2011

Whistle-blower--Air marshals, security guards, embassy staff, a sample of poor vetting

An investigation will be launched to look into whistle-blower claims that Defence is not doing proper security vetting of personnel. How far does this go?

"The whistle-blowers said Australian embassy staff, air marshals and security guards working on military bases were among those who had not been properly vetted."