
Updates on Dronegate

AlexOlesker
Last updated: 2011/10/27 at 11:56 AM

Since I wrote my first post on the virus affecting the drone fleet at Creech Air Force Base, information has begun to trickle in and some interesting commentary has emerged.

The Air Force has followed its official press release, which stated that the virus (which they say was a credential stealer) was merely a nuisance, with a statement by General Robert Kehler, head of U.S. Strategic Command, which oversees Cyber Command. Gen. Kehler confirmed that the virus did not target Remote Pilotless Aircraft specifically, and instead said that “It was a virus that we believe at this point entered from the wild, if you will.” As I suspected and the other Air Force release implied, the virus has not yet been eradicated and it has not been determined how such a virus entered the drone systems in the first place.

While Kehler remains very confident in the Air Force’s defenses, he also set more realistic goals in line with a “plan to fail” paradigm. “We see multiple deliberate attempts to try to get into our networks, almost daily,” he noted, but thankfully “the systems that we have put in place to detect such viruses worked… Perfect defense is probably not something we can achieve, but the idea of mission assurance is something we must achieve.”

In this context, “mission assurance” likely refers to the Department of Defense Instruction Number 8500. Mission assurance means system design and risk management so that, despite attacks and failures, a system can always complete its primary mission. In Directive 8500, the DoD defines three Mission Assurance Categories depending on the importance of the information for operations. MAC I refers to systems providing information vital to deployed or contingency forces, where failure is unacceptable and the most stringent protection is necessary. Loss of integrity on MAC II systems can be tolerated for only a short time, and these systems require additional protection beyond industry norms. MAC III systems, which handle information necessary for day-to-day operations but not critical in the short term to deployed or contingency forces, can be protected by commercial best practice alone. According to the Air Force, the systems affected were Ground Control Systems, which refers to the facility Predators are flown from but not the flight system including the stick, rudder pedals, or throttle. While RPA in flight would not be directly affected, meaning that infected systems were not MAC I, they could have been MAC II or MAC III, so according to the DoD directive, their security should match or exceed the best commercially available solutions.

Mission assurance is a good goal for the Air Force because Directive 8500 outlines more of a risk management and system architecture approach to security, with information sharing between stakeholders, as advocated by Bob Gourley and Andrzej Kawalec at the HP Protect 2011 Conference. Gen. Kehler also acknowledges that perfect defense is unrealistic, hinting at presumption of breach. Still, if current defenses worked as well as the Air Force claims, the virus would not have spread and become so hard to eradicate. The difficulties in cleaning infected computers and identifying the attack vector imply insufficient remediation and forensics tools, which are important elements of security based on “plan to fail” and presumption of breach.

This brings into question whether the Ground Control Systems fulfilled Directive 8500. In an excellent article on “Embracing the ‘Presumption of Breach’ Doctrine With Rapid Detection and Response”, Jim Ivers of Triumphant explains the importance of remediation and forensic tools currently on the market, which would represent commercial best practice. These tools, separate from network defenses so that they can pick up what the shields missed, provide rapid detection along with comprehensive discovery and analysis. Through this analysis, they can counteract the persistence mechanisms present in modern malware, which resurrect the virus after the malicious executable has been deleted, as seemed to be the case with the lingering drone malware. Triumphant also does change monitoring, tracking all the changes a virus made to limit collateral damage and avoid the costly process of wiping whole systems clean, as initial reports claimed the Air Force was doing. Lastly, commercial best practices would correlate attack and machine data generated by firewalls and other network defenders so that the source of the virus could be identified and security gaps filled. As the Air Force is still only speculating over the manner in which this virus got on their networks, it seems that they failed in this process. Thus, while the goal of mission assurance is admirable, it seems that the Air Force needs to do more planning to fail in order to catch up to industry best practice in detection, remediation, and forensics.

Related articles
  • Dronegate: The First Casualty is our Cybersecurity Paradigm (ctovision.com)
  • Creech drone virus infection accidental, STRATCOM commander says (stripes.com)
  • Computer virus did not target US drone fleet: general (AFP)
