Officials at Creech Air Force Base in Nevada knew for two weeks about a virus infecting the drone “cockpits” there. But they kept the information about the infection to themselves — leaving the unit that’s supposed to serve as the Air Force’s cybersecurity specialists in the dark.
The virus, which records the keystrokes of remote pilots as their drones fly over places like Afghanistan, is now receiving attention at the highest levels; the four-star general who oversees the Air Force’s networks was briefed on the infection this morning. But for weeks, it stayed (you will pardon the expression) below the radar: a local problem that local network administrators were determined to fix on their own.
There’s no sign, yet, that the virus either damaged any of the systems associated with the remotely piloted aircraft or transmitted sensitive information outside the military chain of command — although three military insiders caution that a full-blown, high-level investigation into the virus is only now getting underway. Nevertheless, the virus has sparked a bit of a firestorm in military circles. Not only were officials in charge kept out of the loop about an infection in America’s weapon and surveillance system of choice, but the surprise surrounding that infection highlights a flaw in the way the U.S. military secures its information infrastructure.
Most of the major commands within the Air Force don’t have formal agreements to carry the other’s network traffic. “We’d never managed the entire Air Force network as a single enterprise,” Vince Ross, the program manager of the Air Force Electronic Systems Center’s Cyber Integration Division, said in March. “That meant there was no centralized management of the network, that systems and hardware weren’t standardized, and that top-level commanders didn’t have complete situational awareness.”
“Nothing was ever reported anywhere. They just didn’t think it was important enough,” says a second source involved with operating the Air Force’s networks. “The incentive to share weaknesses is just not there.”