
Dronegate: The First Casualty is Our Cybersecurity Paradigm

AlexOlesker
Last updated: 2011/10/14 at 12:42 AM

Drone: Kirsty Wigglesworth/Associated Press


As of yet, there is no definitive narrative of the virus that hit the U.S. drone fleet at Creech Air Force Base in Nevada this September. Original reports stated that drone cockpits had been infected with a keylogger virus and that, while there was no indication that classified information had been stolen or that missions had been compromised, the virus had proven tenacious, resisting efforts to disinfect machines and forcing the Air Force to wipe entire hard drives. Sources said that officials at Creech never informed the 24th Air Force, the central authority on cyber for the Air Force, about the breach until the 24th read about it online. Yesterday, however, in its first official statement on the infection, the Air Force explained that the virus was actually a credential stealer and insisted that it was only a nuisance that was easily contained. It claimed that the 24th AF had known about the breach since 15 September. The Air Force also disputed that cockpits were affected, stating that only ground control systems were breached.

If initial reports were true, then our military cybersecurity is in a lamentable state. The most critical element of perhaps our most vital weapons and intelligence systems would have been breached, and the primary defenders were kept in the dark because of the fear of failure that permeates security and stifles information-sharing and cooperation. But even if the relatively optimistic official accounts of the infection are the whole truth, the military’s computer security paradigm still needs an overhaul.

In some ways, the official statement is more worrying than even the most sensational initial accounts, as it suggests a disconnect from cybersecurity realities. First, it’s too quick to dismiss what may have been a real threat. According to Microsoft security architects, once a credential stealer gets a foothold on your network, it typically takes between 24 and 48 hours to gain Domain Admin credentials and access to every account and workstation. An anonymous official has claimed that the malware only targets online gaming accounts, but this has not been confirmed or attributed. If the 24th managed to isolate the virus, they may have squashed a nuisance or they may have averted a crisis. Their confidence in defensive measures is even more unsettling. “Our tools and processes detect this type of malware as soon as it appears on the system, preventing further reach,” the release claims. “We continue to strengthen our cyber defenses, using the latest anti-virus software and other methods.” That the Air Force feels safe behind a cyber Maginot Line, as Professor Rick Forno would say, does not fill me with confidence, especially when the virus has already penetrated “air gapped” systems, the gold standard in network security.

It’s time the Air Force adopted industry best practice and switched to a “presumption of breach” mindset. Rather than putting all of its energy into keeping all attackers out with technological silver bullets, the Air Force, like top private firms, must assume that it will be infected and most likely already is. This is hardly a stretch. The official release states that drone systems are not facing any “advanced persistent threat” or even a targeted attack, just one of millions of random, run-of-the-mill viruses floating around on the internet. The malware in question is said to be commonly used to steal log-ins and passwords for online games, implying that it was picked up in such a setting. How many other instances of malware were accidentally picked up by Air Force personnel and possibly transferred onto classified systems? And if malware designed to steal your Mafia Wars account can access some of the military’s most mission-critical systems, how long will it take before a sophisticated, state-sponsored virus like Stuxnet makes it onto UAV infrastructure?


A “plan to fail” approach would shift emphasis to forensics and remediation, areas where the Air Force seems to be lagging. If the 24th AF really did know about the infection since 15 September, at least their monitoring and intrusion detection systems are in order. The official release, however, does not say that they have finished disinfecting computers or that they have determined the source of the malware, implying that they are still working on forensics and infection turnaround a month later. If true, the initial insider reports of persistent and mysterious malware confirm this, and add that the only cure seemed to be to wipe internal hard drives and start clean, a costly and time-consuming process. It is also important, when operating under a presumption of breach, to share information about infections, attacks, and mistakes and to learn from them, rather than to hide possible failures as initial reports suggested was done. From the tone of the press release, which classifies the attack as a minor annoyance promptly taken care of with the latest and greatest technology, it doesn’t look like much learning is taking place.
