THE PREDATOR CHANNEL®: WATCH THE SKIES™
Dec. 31st, 2009 12:26 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
defrogOr, “More things yr being told to worry about that you probably shouldn’t”.
You may or may not have heard that insurgents in Iraq and Afghanistan managed to hack into live unencrypted ROVER (Remotely Operated Video Enhanced Receiver) video feeds from US Predator drones and, in fact, just about every warplane in the US fleet using a satellite dish and a $25 app they downloaded from the Interwub.
I was going to post it earlier, but the more I read the comments section on Danger Room, the more I started to wonder if this was really that a big deal, given how encryption works and how the insurgents are only gaining access to random video streams, not control of the aircraft.
Turns out it is, but not for the reason you think, according to Bruce Schneier:
In other words, “The real failure here is the failure of the Cold War security model to deal with today's threats.”
POSTSCRIPT: It’s interesting that Schneier is suddenly ubiquitous in the wake of the Mr Sizzly Pants Incident and subsequent TSA freakout rules. Well, ubiquitous in ther sense that he’s been on Rachel Maddow and CNN’s web site.
The irony is that he’s been saying this kind of stuff since Richard Reid tried out the shoe bomb idea. But it’s only now that the TSA is finally making air travel as uncomfortable as possible that anyone’s willing to listen to him. Except the TSA, sadly.
The sun always shines on TV,
This is dF
You may or may not have heard that insurgents in Iraq and Afghanistan managed to hack into live unencrypted ROVER (Remotely Operated Video Enhanced Receiver) video feeds from US Predator drones and, in fact, just about every warplane in the US fleet using a satellite dish and a $25 app they downloaded from the Interwub.
I was going to post it earlier, but the more I read the comments section on Danger Room, the more I started to wonder if this was really that a big deal, given how encryption works and how the insurgents are only gaining access to random video streams, not control of the aircraft.
Turns out it is, but not for the reason you think, according to Bruce Schneier:
During the Cold War, the NSA's primary adversary was Soviet intelligence, and it developed its crypto solutions accordingly. Even though that level of security makes no sense in Bosnia, and certainly not in Iraq and Afghanistan, it is what the NSA had to offer. If you encrypt, they said, you have to do it "right."
The problem is, the world has changed. Today's insurgent adversaries don't have KGB-level intelligence gathering or cryptanalytic capabilities. At the same time, computer and network data gathering has become much cheaper and easier, so they have technical capabilities the Soviets could only dream of. Defending against these sorts of adversaries doesn't require military-grade encryption only where it counts; it requires commercial-grade encryption everywhere possible.
The problem is, the world has changed. Today's insurgent adversaries don't have KGB-level intelligence gathering or cryptanalytic capabilities. At the same time, computer and network data gathering has become much cheaper and easier, so they have technical capabilities the Soviets could only dream of. Defending against these sorts of adversaries doesn't require military-grade encryption only where it counts; it requires commercial-grade encryption everywhere possible.
In other words, “The real failure here is the failure of the Cold War security model to deal with today's threats.”
POSTSCRIPT: It’s interesting that Schneier is suddenly ubiquitous in the wake of the Mr Sizzly Pants Incident and subsequent TSA freakout rules. Well, ubiquitous in ther sense that he’s been on Rachel Maddow and CNN’s web site.
The irony is that he’s been saying this kind of stuff since Richard Reid tried out the shoe bomb idea. But it’s only now that the TSA is finally making air travel as uncomfortable as possible that anyone’s willing to listen to him. Except the TSA, sadly.
The sun always shines on TV,
This is dF
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
on 2009-12-31 05:23 am (UTC)Having worked on commercial network and physical security solutions, I can assure you that they have exactly the same problems: encryption where it counts the least, but they're wide open where they're exposed.
It's going to take some seriously smart criminals or terrorists to hack the encryption used in your sealed, dedicated network between your security cameras and the control panel, let alone to make sense of it. But why should they bother, when that data is translated into information and then squirted down a poorly secured channel like a wireless LAN or a phone line as a simple HTTP, FTP, SMS, or email?
Truth is that commercial grade encryption, if configured correctly, is good enough to keep just about any data secure.
-- JF