I cannot believe that they would use Windows to control these drones. I wonder how the due diligence went down for that decision. It's reassuring to hear that they switched the controllers to Linux.
I don't use Windows for work or development purposes (I have 2 windows machines at home used as iTunes machines), so my question is: are there Windows versions available that are stripped down? It just seems that the amount of exploits that come out per week/month/year for Windows would get in the way of operational missions.
I'm not joking here but windows is absolutely rock solid and is as secure as any Unix variant if you set it up correctly. If you don't, it's Swiss cheese. Windows is only insecure because they've set it up like that to aid consumers.
They do stripped down versions such as windows embedded. You can strip a desktop install down to virtually nothing as well and it is very secure. It is however beyond most people to do so.
By changing the platform they've effectively saved their butts by pointing at the vendor. The real problem is incompetence and cost cutting.
I predict rootkit drones next as they haven't actually solved the real problem.
edit for the morons who blindly Downvote this: I spent a number of years building secure systems for the UK MoD. There were no attack vectors at all of any kind human or network, so the fact they were infected was purely incompetence.
NOTE: This does not mean that Windows NT is C2 certified (no operating system is ever C2 certified). Certification applies to a particular installation, including hardware, software, and the environment that the system is in. It is up to an individual site to become C2 certified.
yes and we were C2 cert in 2001. I was in charge of compliance.
The PCs were locked in metal cabinets, cables shielded, all hardware ports disabled, no physical connection anywhere to the internet, vpn+checkpoint to other sites which were also C2, software was all source vetted and escrowed before being allowed on the network, crypto everywhere. Factory floor was shielded as well to prevent RF escaping, datacentre was three gated inside the facility and there were lockdown pads and access control both biometric and smartcard on every door.
The software eng was the same except even heavier locked down with GPO and LSP.
We could have put an apple II in there and it'd be C2.
Windows is only insecure because they've set it up like that to aid consumers.
Indeed. For where would your average windows consumer be, without a useful selection of botnets, keyloggers and trojans, installed silently for their browsing convenience?
That said, I know you can reasonably lock down the older versions of windows NT, and really lock down many DOS variants, but I would say that the main reason for this is because they have been thoroughly studied and patched, rather than through careful design in the first place.
TBH I actually run a 100% not locked down default install of Windows 7 with Microsoft security essentials, IE9 and outlook.
I've never once had a virus, worm or trojan.
It's perfectly secure. The main issue is that most of the fuckwits out there click OK without reading or understanding every time. How's MS supposed to deal with idiots?
I'm actually sitting here with a ThinkGeek PEBKAC T-shirt on appropriately.
I never had a virus on my bbc micro, but I wouldn't use that as evidence of BASIC's security.
And nothing is ever perfectly secure. If you actually think that then you should take your t-shirt under advisement. Always assume that a system is compromised unless you have very good evidence to the contrary.
Next to being baffled that this comes out into the world, I can only laugh at this. Be careful what you wish for USA, You want cyber warfare? You just got it.
Just imagine, somebody with the intention to do harm having control over drones like that. It would be the ultimate remote strike, using their own systems, thát would rock their world the world!
The US most definitively does not want cyber warfare, which is why a bunch of military types have been going around for years warning about the possibility and the need to harden systems against it. Cyber warfare is bad news for the US because it's one of the areas of warfare in which the US doesn't have an obvious dominance.
Sure, just because you don't want a type of warfare doesn't mean you're not going to engage in it. This happens to be the kind of warfare which doesn't "escalate" as such -- certain countries will continue to attack US systems at exactly the same rate regardless of whether the US is attacking 'em back.
