
US military uses 8-inch floppy disks to coordinate nuclear force operations - eplanit
http://www.cnbc.com/2016/05/25/us-military-uses-8-inch-floppy-disks-to-coordinate-nuclear-force-operations.html
======
TeMPOraL
Old storage media (floppies, CDs) have a big advantage over new ones (SD
cards, USB sticks, hard drives) - they _don 't have firmware_. Most people
didn't notice how over the last decade or so we've moved from having a
computer read out data directly from a removable medium to having two
computers talking together over a low-level, high-privilege protocol. While
there are many benefits to this evolution, it also opens up many serious
attack vectors.

~~~
btgeekboy
Along the same lines, you can visually inspect them. Now, perhaps there's a
way to hide some sort of wafer-thin wireless reader and transmitter in a
floppy disk that can somehow harvest enough electrical energy to be useful,
but that's a long shot.

As for SD cards, ones that are more than just storage (e.g. with wireless
technology embedded) already exist.

~~~
gene-h
Even if you could hide a wireless reader and transmitter in a floppy disk, you
would still be able to pick it up on X-ray. It would be very difficult to
differentiate an SD card with a malicious payload even if one X-rayed it.

~~~
cesarbs
Would X-rays corrupt the data on the floppy disk? Honest question, I have no
idea.

~~~
daveguy
I think the answer is no. You have to have a magnetic field to induce changes
on a floppy (don't get them near a magnet). An x-ray would require a curved
flow to generate a magnetic field (think electromagnet) so the generally
direct x-ray flux should be harmless. Of course the equipment and power
requirements may make it difficult to avoid magnetic fields. Not an x-ray
expert.

------
cm2187
It reminds me this story, which was told to me as a true story, but I wouldn't
bet too much on that.

A soviet bomber gets lost and finds itself over western germany. It has to
land on a military airport, which pilots jovially invite the soviet pilots for
a drink. While they are drinking, intelligence officers take pictures of the
plane, and are laughing at antiquated soviet technology, using bulbs while the
US was well into the age of transistors. It's only back in the US that the
intelligence officers realised that the soviet were using bulbs not for the
lack of transistors, but because they can resist a nuclear explosion...

~~~
bhollan
They still sell them today. They're called Nuclear Event Detection (NED)
chips. It detects a spike in voltage from the air and drops all power to
everything, acting as an instantaneous power interrupt for everything you care
about.

I used to test them for Lockheed all the time on stuff that flies on stealth
aircraft. There is a very specific sequence of events with very tight specs
they have to pass, the whole thing is over in 250 ms, and that includes the
shutdown duration.

~~~
superuser2
How do you test such a thing? Small nukes?

~~~
whoopdedo
Large radio antennas can create electromagnetic pulses like what you'd get
from a nuke blast. I lived not too far from a site that tested them[1][2].
Just before it was decommissioned there were a lot of news articles written
about how they did the testing. I can't find any photos now, but they're out
there somewhere.

It's now a wildlife refuge..

[1]:
[http://www.globalsecurity.org/military/facility/woodbridge.h...](http://www.globalsecurity.org/military/facility/woodbridge.htm)
[2]:
[http://eservice.pwcgov.org/library/digitallibrary/hsdw/A_Fol...](http://eservice.pwcgov.org/library/digitallibrary/hsdw/A_Folder/ArmyEMPSimulatorOp76-392/pdfs/armyEMPsimulatoropPropHistA76-0392.pdf)

------
teh_klev
The linked report is worth a scan:

[http://www.gao.gov/assets/680/677454.pdf](http://www.gao.gov/assets/680/677454.pdf)

Pages 15 to 19 are what the CNBC article picked up on:

 _This system coordinates the operational functions of the nation’s nuclear
forces. This system is running on an IBM Series /1 Computer—a 1970s computing
system—and uses 8-inch floppy disks_ \- from page 19

The IBM Series/1 isn't _that_ ancient (well for me anyway) and was comparable
to 16 bit Data General (I trained on Data General Nova 3's, 4's and Eclipse
S/130's back in the mid-80's) and DEC mini's of the day:

[https://en.wikipedia.org/wiki/IBM_Series/1](https://en.wikipedia.org/wiki/IBM_Series/1)

As long as you keep up with the usual preventative maintenance (filter
changing etc), these old boxes just keep on working. Sometime in the early
2000's a buddy of mine still had a preventative maintenance contract on a DG
Nova 3 [0] attached some astronomy kit. John asked if I fancied a day out to
see this machine and go along with him on his PM visit. I hadn't seen an old
Nova or Eclipse machine since the early 90's, so why the hell not? When I
asked why such an old machine (probably manufactured in '75 or '76) hadn't
been replaced with a faster smaller box (e.g. top end PC server type of
thing), the reason was at the time nothing could come close to the data
channel speeds this old box could sustain when collecting data from their
astronomy thing.

If anyone from St Andrews astronomy department knows about this old machine
I'd love to know what happened to it.

[0]:
[https://en.wikipedia.org/wiki/Data_General_Nova](https://en.wikipedia.org/wiki/Data_General_Nova)

------
gravypod
I'd rather use outdated technology then use new technology that could
introduce bugs.

~~~
Malic
There is something to be said about using proven technologies. But there is
also something to be said about using _still supported_ technologies.

Really, are there producers of 8" floppy media anymore? Are we relying on
"new-but-old" stock for occasional replacement needs for these systems? Sounds
like that wrench that had to be FedEx'ed between silo bases for Minuteman
maintenance:

[http://abcnews.go.com/Politics/us-wrench-nuclear-
bases/story...](http://abcnews.go.com/Politics/us-wrench-nuclear-
bases/story?id=26916107)

~~~
throwanem
> are there producers of 8" floppy media anymore?

It would appear so, and in the US, yet:
[http://www.athana.com/html/diskette.html#8](http://www.athana.com/html/diskette.html#8)

~~~
joshavant
I seem to remember someone telling me how there are a couple of cottage
industries that center around the fact that the US Government has to buy goods
that are US-made.

I think ceiling fans are one example. (i.e. There's relatively few US-based
ceiling fan manufacturers. For one of them, I think the large chunk of their
business is the US Government.)

I have a feeling this may be an example of that.

------
5ilv3r
What's wrong with 8" floppy disks? They seem easy to manufacture (same as a
VHS tape but cut differently), are pretty reliable if you keep them away from
magnets (Which is common sense), and don't really have a shelf life problem
until the plastic gets brittle. Hell, if they degrade, you can even retrieve
the undamaged parts with no fuss.

Who wins by moving to SD?

~~~
DrScump
Meanwhile, lots of present-day sites use a diskette icon to represent a "save"
function. A _diskette_? Seriously?

~~~
JupiterMoon
Language and symbols evolve. When that icon was first used it was a disk. Now
it means save. Users know what it means.

------
missed_out
At one time, government engineers were in equal standing with contractor
engineers. As defense spending dwindled down after the Vietnam war, defense
contractors began to lobby for more control of defense workloads. On a
contract, the government engineers would maintain the product and defense
contractors did the development. Money set aside for documentation was
devoured by the contractors so that only the contractors had the knowledge
base of the product. Future weapon system development is the money maker for
contractors, so to have them bid on upgrading a weapon system such as this,
the cost would be very inflated. So you have this situation where the
government cannot organically do the job either because of loss of expertise
or documentation of the system. Or it is cost prohibitive using a defense
contractor. The expertise for government oversight for contracting is a major
problem. As an example, the DMV database system for the state of California.
When you look at all the companies today using the cloud and creating huge
databases practically overnight, how can projects like this fail. Another
example, the Obama Care website. The government at every level, just does not
have the expertise to insure that contractors perform to the letter of the
contract. And then you have all this lobbying crap by the contractors to
contend with. It really comes down to ETHICS. Contractors are not out to give
you the most bang for your buck, they want the most bucks for smallest bang.
After spending 28 years working with defense contractor engineers, I was not
impressed. Unfortunately, I was not impressed with the ethics or the adherence
to security concerns of my coworkers either, so I walked away. I would not be
so concern with the 8 inch floppies, but more concern with the electronics
that use them.

~~~
eru
> The government at every level, just does not have the expertise to insure
> that contractors perform to the letter of the contract.

Ideally, they would have even more expertise to make judgement calls, so that
they could rely (in some sense) on the spirit of the contract and not just the
letter.

I guess comparisons to public sector and military procurement in other
countries (and times) might be instructive.

~~~
hodwik
I think they have just as much experience and technical know-how as their
contractors, but have neither the funds or the go-ahead to implement this
stuff themselves.

For example, Obama signed an executive order requiring the DoD to use
electronic records management systems to store all of their classified data.

The tricky part is that the way it is written, they have to buy this, they're
not allowed to write the system that holds their own data.

(See JITC 5015.2.)

~~~
missed_out
This is what I observed at McClellan AFB during my time there. No matter how
hard I fought to do the work as a government engineer, management continuously
turned the work over to contractors. As to why? I was taken aside and given
the most ridiculous reason. If the project fails or overruns, the manager just
gets more money to give to the contractor. Being screwed by the contractor was
acceptable. But if done organically and there were problems, the manager gets
a ton of grief. But this is the government, what terrible fate will come down
on the manager? I also noticed that a lot of these managers retired from
government service ended up working for the contractors, and the process
recycles itself. This came back to bite McClellan AFB in the arse later. Come
BRAC time, the contractors made it an easy choice to close the base by taking
the work back their sites at a much reduced cost.

------
bhollan
I'll just put this here: [https://www.youtube.com/watch?v=1Y1ya-
yF35g](https://www.youtube.com/watch?v=1Y1ya-yF35g)

~~~
spoiledtechie
This blows me away. I think ignorance comes to those people who refer to
comedian shows when talking about seriousness.

This shows me ignorance, not John Oliver, but the person who chooses to use it
to satisfy some valid and real point.

~~~
bhollan
<cough>relevant username.</cough>

I take the government's actions very seriously. I left the country, wife and
kids and all, because I got tired of it.

I respect Jon Oliver's work. I think he makes discussions about things like
this more approachable to more people than any article cnbc will every
publish.

------
katzgrau
In the words of Joel Spolsky, "code doesn't rust."

Who cares how old the code or the medium is? If it's tested and working, and
it's used for nuclear effing weapons, I'm happy to leave it in my pile of tech
debt.

------
ForHackernews
Everyone needs to shut the hell up about nuclear obsolescence.

If we can just keep the politicians from noticing the need to "modernize"
these terrible weapons, then in a few short decades we will have achieved a de
facto global disarmament. Everyone can continue manning their silos filled
with stale dud warheads, fingers hovering over buttons that no longer work.
We'll have all the stratigic stabilizing influences of mutually-assured-
destruction, with none of the actual threat-of-destruction.

But engineers and journalists need to shut up and not point out that the
emperor's got no nukes.

~~~
briarrose
It's too late. The Obama administration has proposed a one trillion dollar
budget to modernize the nuclear arsenal. The inclusion of low-yield nuclear
devices is considered especially unnerving as it is believed their use would
be easier to justify and could lean to a full nuclear exchange.
[http://mobile.nytimes.com/2016/01/12/science/as-us-
modernize...](http://mobile.nytimes.com/2016/01/12/science/as-us-modernizes-
nuclear-weapons-smaller-leaves-some-uneasy.html)

~~~
saalweachter
To be fair, Obama requesting the money is one of the best ways to ensure
Congress does not appropriate it.

~~~
dragonwriter
While true in general, with regard to military applications, Obama requesting
money _can_ be a way to get Congress to appropriate _more_.

~~~
saalweachter
Obama also unfortunately tends to act in good faith and with intent, so snark
aside if he requested the funding for them he is probably OK with tactical
nukes.

------
lr
I'd rather have floppy disks and air-gapped systems for our nuclear arsenal
than have them all connected to an insecure network (which is pretty much any
network these days).

------
3327
There is more to this than "out dated" technology. There is tremendous
espionage and malicious activity protection by using outdated technology. The
schematics of these systems were never online, making and introducing malware
is also prohibitively difficult due to the lack of domain knowledge and
expertise on the technology.

There are huge upsides to using outdated technology when it comes to nuclear
warheards.

~~~
HillaryBriss
what's the difference between outdated technology which has never been
documented online, and new technology which has never been documented online?

~~~
excitom
If you're using Windows 10 or MacOS, people know how to find their way around
in the absence of documentation. How many people could figure out the command
line interface to a 1970s era IBM Series/1 without docs?

~~~
kens
If you want documentation on old computers, check out bitsavers; piles of
information on the IBM Series/1 is at
[http://bitsavers.org/pdf/ibm/series1](http://bitsavers.org/pdf/ibm/series1)

------
orf
Would you rather they used USB sticks?

------
sehugg
60 Minutes covered this in 2014: [http://www.cbsnews.com/news/tour-a-nuclear-
launch-control-ce...](http://www.cbsnews.com/news/tour-a-nuclear-launch-
control-center/)

They were surprised to see things like "an antique computer without a
monitor."

------
zekevermillion
Hey, if it ain't broke...

------
powertower
In the mean time, this thing will do Mach 20 (~ 7 km/s), and its already
concidered as old-tech with a newer version being worked on -

[https://www.youtube.com/watch?v=lTVgJ8Sb34E](https://www.youtube.com/watch?v=lTVgJ8Sb34E)

------
mkhpalm
I wonder what the cost is to maintain uber legacy systems like that? Like at
what point does it teeter over to being the most expensive thing like it?
(while remaining less capable)

------
draw_down
Well, does it work? If so then what's the problem?

~~~
randyrand
Did the article say there was a problem? If so, what did they say the problem
was?

~~~
etrevino
The article describes the IT systems as "creaky" and referred to the "jaw
dropping" GAO report that inspired this article was described as "sobering".
So, it would appear that the problem the article referred to is the obsolete
systems.

------
occsceo
LOAD "ENDOFTIMES", 8, 1

------
emp_zealoth
It is interesting to learn just how much "technical" debt USA has 911 that is
falling apart Nuclear weapons debacle (and a lot of other systems too) The 7
trillion infrastructure problem

------
avaliente
Treasury's master business file, which contains all tax data on individual
business income taxpayers, likewise is written in that same assembly language
code, which was first used in the 1950s, and maintained on the old-school IBM
mainframe.

[https://callenq.com](https://callenq.com) is the free market bringing 2016
technology to the IRS to receive prompt customer service.

