Cybersecurity, the Old-Fashioned Way

Vice points out that our nuclear missiles are almost completely secure from cyber attack.
The technology that currently powers these nukes is notoriously antiquated. Most of the systems were designed and built during the height of the Cold War in the 1960s and ’70s, with the last major overhaul completed during the Reagan administration. Some computers in the missile base command centers still use eight-inch floppy disks....

U.S. nuclear missile base technology is ancient by modern standards, but the old machines offer almost maximum cybersecurity simply by virtue of their age. With everything hardwired and analog, the system is uniquely impervious to intrusion and meddling. That leaves some nuclear experts to ask: Why spend billions switching from a system that is relatively safe to one that’s potentially more vulnerable?
That strikes me as a good point.

9 comments:

Margaret Ball said...

It's a beautiful point.

Forty years ago I worked for a company that understood the only way to have a secure computer was to keep it in a locked room and never, ever connect it to anything else.

Notes on experiments had to be hand-written. In ink. In bound notebooks.

I wonder if either of those rules is understood today.

MikeD said...

Why spend billions switching from a system that is relatively safe to one that’s potentially more vulnerable?

Because old machines DO break down, and replacements are impossible to get anymore. Sorry, but this is my bailiwick, and while old hardware is indeed secure, it is also fragile, decrepit, and likely to fail.

What this REALLY is an argument for is new systems set up without any external connections in the way the old system is. I don't know why it comes as a surprise to people, but you actually CAN have a usable computer system that isn't hooked up to the internet. Indeed, you could plop a modern desktop in a building wired in the 1940s and it will work perfectly well. "But how do you get patches and security updates?" Well, either you don't, because how useful is a security update geared for an internet-connected machine going to be on a machine NOT on the internet, or you bring it in on USB or (GASP!) disk.

What this should NOT be used for is an argument in favor of not updating equipment for our nuclear arsenal. I've seen an article this very week (sadly, I cannot remember where) how the arsenal is withering on the vine due to intentional neglect and failure to modernize. This just seems to be more of the same.

Grim said...

Not on a USB stick, at least not for a military system. They are sternly forbidden even for computers connected to the SIPRnet, which is just for Secret-level data.

I wonder if it wouldn't be possible to manufacture replacements -- maybe not 8" disc drives, but something suitably incapable of internet connectivity. Hardwire and analog could still be our guideposts, even if we're building new stuff.

Dad29 said...

Why spend billions switching from a system that is relatively safe to one that’s potentially more vulnerable?

Because "spending" is the middle name of DOD.

Let's also recall that an IBM/360 runs all the Apollo ships. That's so old that most people under the age of 50 cannot tell you what OS runs the 360.

jaed said...

The USB-stick prohibition is because you can use a USB stick to transfer data—in and out. Anything that can transfer data poses a similar security risk, whether it's a wireless card, a disk of any sort, a USB stick, etc.

USB sticks can be extremely small and easy to hide, so there's that. But anything that plugs into a standard connector will have alternative items that can be plugged into that connector. If you have a Firewire port, you can plug anything that speaks Firewire into it, and so on, so any port is a potential security hole.

james said...

MikeD is correct. Everything wears out, and eventually you run out of spares.

Have you noticed the U-curve for computer memory? Cutting edge stuff is expensive, standard is commodity and cheap, and memory for old machines is rare and expensive again.

MikeD said...

The USB-stick prohibition is because you can use a USB stick to transfer data—in and out. Anything that can transfer data poses a similar security risk, whether it's a wireless card, a disk of any sort, a USB stick, etc.

This. One of the fun duties I had while I was in the Army was Information Systems Security Officer (which was a fancy title for the guy responsible for making sure all the floppy disks were locked up). Bringing a USB drive is strictly verboten in a SCIF, it's true. It was also forbidden in the 1990s (my era) to bring in ANY form of magnetic recording material (which included cassette tapes, VHS, or floppies). And yet, we DID have floppies in the SCIF. Why? Because it was sometimes necessary to use them to transfer data from machine to machine.

The security rules are in place for good reasons, but by the same token, there are exceptions to those rules also for good reasons. I can almost guarantee you there are USB drives existent in the tech shop of a modern SCIF. Simply because there are times when to perform a computer repair, you need to patch the machine with drivers that cannot be obtained any other way (say, drivers for a network card, for example).

I wonder if it wouldn't be possible to manufacture replacements -- maybe not 8" disc drives, but something suitably incapable of internet connectivity. Hardwire and analog could still be our guideposts, even if we're building new stuff.

A 3.25" floppy is just as incapable of internet connectivity as an 8" floppy is. The difference is, you can't physically take an 8" floppy out of a SCIF and plug it into the average COTS computer and read the contents. But that's not to say a spy agency (the folks who actually would WANT to get their hands on the contents of that 8" floppy) can't get their hands on an 8" floppy drive. Internet connectivity has nothing to do with the media, and all in how you build the machine. It is simplicity itself to make a computer incapable of connecting to the internet... remove its network card. Or simply don't wire the building it's in to the internet, then you can have a network card, and it will never ever reach the internet. WiFi is something computers are capable of using, IF the computer has a WiFi network connector in it. You eliminate that problem by disallowing cellphones (which can be used as WiFi hotspots) or simply removing the WiFi device from the computer. Literally anyone with experience building a computer (something I've been doing since the 1990s) could tell you how.

This is a non-issue. Security equal to the cold war equipment can be achieved on a modern PC by even a poorly skilled computer tech with a screwdriver. I refuse to accept the premise that in order to safeguard our nuclear arsenal, we must steadfastly continue to operate with equipment that is outdated, subpar, and ultimately vulnerable to malfunction and breakdown.

David Foster said...

"With everything hardwired and analog"...contrary to typical journalistic usage, 'analog' is not actually a synonym for 'old fashioned.' The missile guidance computers are in fact digital, as are the launch codes...indeed, so are the 8" floppy drives.

There is no sane reason to even consider attaching these systems to the Internet. And a lot of critical systems (water treatment plants, for example) *are* being connected to the Internet basically for reasons of operational convenience (or just perceived coolness!) without adequate risk controls.




E Hines said...

Why spend billions switching from a system that is relatively safe to one that’s potentially more vulnerable?

Because old machines DO break down, and replacements are impossible to get anymore.


They're also maddeningly slow. I defended a region of North America using computer equipment of the era, and the frame time was [too long] and lengthened from there as processing needs increased from increasing numbers of aircraft needing solutions, increasing clutter from ECM needing filtering, etc, etc, etc. Often, too, with that processing power and speed, the computer's intercept solutions were wrong, requiring a Controller, depending on where we were in an intercept, either to go manual or to force the computer to recalculate the solutions.

I wonder if it wouldn't be possible to manufacture replacements -- maybe not 8" disc drives, but something suitably incapable of internet connectivity.

We already do, and with awesome capability. As MikeD pointed out, just don't plug in the Ethernet cable (or remove the NIC), and don't turn on the radio (or remove the wireless NIC). Or plug in the Ethernet cable to the local secure net, but don't connect that net to the Internet, only the DoD-approved and used secure net--and not even that, unless there's a legitimate need-to-know analog for the local classified net to be connected to DoD's classified net.

And: Faraday cages. When my company delivered its F-22 simulators to the USAF, the rooms into which we installed them were large Faraday cages, by requirement and design when those facilities were built or modified for the acceptance. Also, recall the FCC's requirement (certification of compliance with which comes with nearly every electronic device we buy--you all read that fine print, yes?) that no part of the device radiate in such a way as to interfere with other devices that might be or become nearby. The MIL-SPECed version of that is quite a bit more stringent.

The whole thing comes down, not to maximally secure equipment (necessary, certainly), but to strengthening the weakest link in most any chain: the humans using or otherwise with access to the equipment.

Eric Hines