More Proof that Security is Impossible

More Proof that Security is Impossible
If the spend And spend government refuses to secure critical systems, what hope can there be for us mere mortals?



Last week’s Interop New York conference, as is always the case, featured a number of very interesting discussions of wireless and mobile security, including an excellent “deep dive” in the form of Lisa Phifer’s overview of best practices for WLAN security. Bottom line: nothing’s perfect, but we’ve got really good tools and strategies available today, and, while I’ll never tell you that one can achieve absolute security, because one can’t, we can do a pretty good job when we set our minds to it. Annoyances like viruses can indeed be minimized – or so we assume.

So how come the US military is still unable, despite budgets that are well beyond the reach of us mere mortals, to secure critical systems? I previously wrote about the unsecured (in fact, wide-open) video stream transmitted by the mission-critical Predator UAVs (sometimes incorrectly called “drones”), and why anyone stupid enough to design (as well as specify and approve) such a solution shouldn’t be allowed anywhere near a critical national-security system (hell, I wouldn’t trust them with a smartphone). Well, it appears that nothing’s changed in the past two years, and these critical systems are still at risk.

According to a wide variety of reports (see an example here), the Predator and its cousin the Reaper are now infested with a virus – yes, a virus – that, while not compromising operations (it’s a keylogger affecting ground systems, though), at least according to the military, is proving impossible to get rid of. This is reminiscent of the famous Stuxnet worm/virus, perhaps one of the best weapons systems ever developed. But it seems that the Predator/Reaper folks still haven’t learned a thing here, once again presenting a major opportunity for mission compromise and more of your tax dollars wasted by stupidity and incompetence. To anyone advocating higher taxes in any form, please take note. And to those who don’t understand even the basics of IT security, please consider a different career

0 comments: