Stories
Slash Boxes
Comments

SoylentNews is people

posted by Woods on Tuesday April 29 2014, @02:30PM   Printer-friendly
from the still-better-than-laserdisc dept.

Ars Technica reports that the US government built facilities for the Minuteman missiles in the 1960s and 1970s and although the missiles have been upgraded numerous times to make them safer and more reliable, the bases themselves haven't changed much and there isn't a lot of incentive to upgrade them. ICBM forces commander Maj. Gen. Jack Weinstein told Leslie Stahl from "60 Minutes" that the bases have extremely tight IT and cyber security, because they're not Internet-connected and they use such old hardware and software. "A few years ago we did a complete analysis of our entire network," says Weinstein. "Cyber engineers found out that the system is extremely safe and extremely secure in the way it's developed." While on the base, missileers showed Stahl the 8-inch floppy disks, marked "Top Secret," which are used with the computer that handles what was once called the Strategic Air Command Digital Network (SACDIN), a communication system that delivers launch commands to US missile forces. Later, in an interview with Weinstein, Stahl described the disk she was shown as "gigantic," and said she had never seen one that big. Weinstein explained, "Those older systems provide us some, I will say, huge safety, when it comes to some cyber issues that we currently have in the world."

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by Thexalon on Tuesday April 29 2014, @02:55PM

    by Thexalon (636) on Tuesday April 29 2014, @02:55PM (#37684)

    But you have to admit it works: If there are air gaps and multiple trained humans between the general network and whatever it is you are trying to secure, then in order to breach the system you have to social engineer the multiple trained humans. And while the bad guys could get their hands on 8" floppies, they'd have a much harder time doing that than, say, poking Internet Explorer the right way from a malicious website.

    I don't think that's overkill for something that could kill millions of people with a single mistake.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    Starting Score:    1  point
    Moderation   +3  
       Insightful=1, Interesting=2, Total=3
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 2) by VLM on Tuesday April 29 2014, @03:02PM

    by VLM (445) Subscriber Badge on Tuesday April 29 2014, @03:02PM (#37685)

    A large component of a strategic weapon deterrent is maximizing uptime and hiding downtime (if any).

    So using MSIE would be fairly idiotic because every "security expurt" who got his credentials out of a cracker jack box can tell exactly when and how and why your strategic deterrent isn't a strategic deterrent. But nobody really knows when the 8 inch floppies are working or not, and for a strategic deterrent weapon system that is just awesome.

    Another thing to consider WRT maximization of uptime and hiding downtime is there seems to be absolutely no upside for public release of anything relating to a gradual upgrade or a forklift upgrade. So as a psyop I'm surprised they didn't just show of racks of R390 radios (I used to own one... nice radio, still have the "mobile" R392 model in my basement) and B-17 command radios and such just to mess with the other guys.

    So say they have actually moved in secret to the Amazon web services cloud. What's in it for them to tell us all is ..... uh what exactly?

  • (Score: 2) by Blackmoore on Tuesday April 29 2014, @03:22PM

    by Blackmoore (57) on Tuesday April 29 2014, @03:22PM (#37696) Journal
    So let's assume that they are running one of the "big boxes" that was sold in the 1980's; even if you knew what OS it was running (and i kinda expect that it isn't - i expect a single purpose designed for the location)
    • there is the air-gap and multiple layers of military personnel in the way.
    • 8 inch floppies are really not easy to get.
    • the system does not have internet, modem, USB, or other means commercially available to transfer files.
    • even a new hard drive would be difficult to install without an arcane physical interface; and the appropriate paperwork allowing the shutdown of the hardware.

    i think i'm ok with this.

  • (Score: 3, Informative) by Sir Finkus on Tuesday April 29 2014, @03:25PM

    by Sir Finkus (192) on Tuesday April 29 2014, @03:25PM (#37697) Journal

    Well, you'd think, but the launch code for many nuclear sites were literally 00000000 for more than a decade. The only reason we haven't blown us or someone else up accidentally yet is pure luck. If you're interested in this kind of stuff, I'd highly recommend Command and Control: Nuclear Weapons, the Damascus Accident, and the Illusion of Safety by Eric Schlosser.

    • (Score: 3, Interesting) by Thexalon on Tuesday April 29 2014, @03:45PM

      by Thexalon (636) on Tuesday April 29 2014, @03:45PM (#37708)

      Well, you'd think, but the launch code for many nuclear sites were literally 00000000 for more than a decade.

      Ok, let's say you're General Jack D Ripper and you're trying to get the US to launch the missiles, so you pretend to be President Merkin Muffley and send in possible codes to convince the silos that you do have the authority. You only need to get one of, say, 100 silos to actually launch in order to trigger the nuclear war you want so much, but you don't know the launch code (only President Muffley has that).

      Would you use one of your 100 guesses on "00000000"? Probably not, because you'd think that was far too stupid a code to be actually used. After all, your post presumes that 1. "00000000" is a dumb code to use, and 2. I as an average person wouldn't think they'd actually use it because it's so dumb. But that means it's actually smart to use that one, because it's precisely the one I wouldn't guess.

      --
      The only thing that stops a bad guy with a compiler is a good guy with a compiler.
      • (Score: 2) by githaron on Tuesday April 29 2014, @05:07PM

        by githaron (581) on Tuesday April 29 2014, @05:07PM (#37746)

        Until General Jack D Ripper's four-year old comes for a visit...

      • (Score: 2) by tomtomtom on Wednesday April 30 2014, @08:34AM

        by tomtomtom (340) on Wednesday April 30 2014, @08:34AM (#38016)

        That's all well and good but one analogy to think about is the fact that many thousands (perhaps hundreds of thousands) of people play the lottery with the numbers 1, 2, 3, 4, 5, 6 every week, and continue to do so even despite the fact that it is well known that large numbers of people do this (which significantly increases their expected losses on buying the ticket and means they'll never win a big jackpot, ever).

        I'd definitely add the all zeroes code onto my list to try, along with all the other "obvious" codes like 12345678. They have a better than random chance of being right in most cases; and if, in the worst case, the codes were chosen truly randomly by a computer then you have as good a chance as any other code.

    • (Score: 2) by egcagrac0 on Tuesday April 29 2014, @05:32PM

      by egcagrac0 (2705) on Tuesday April 29 2014, @05:32PM (#37755)

      Thank goodness they changed it to CPE1704TKS.

  • (Score: 4, Insightful) by wantkitteh on Tuesday April 29 2014, @03:54PM

    by wantkitteh (3362) on Tuesday April 29 2014, @03:54PM (#37716) Homepage Journal

    Hell yeah, the people who designed it wrote the book on paranoid and... I was going to write "over-engineered the hell out of the security", but as far as security of nuclear weapons goes, there's no such thing as over-engineering. I can imagine some contractors pitching to replace some part of the system with an Internet connec - *sound of angry security scheme designers smashing the presentation laptop to pieces*

  • (Score: 0) by Anonymous Coward on Tuesday April 29 2014, @04:00PM

    by Anonymous Coward on Tuesday April 29 2014, @04:00PM (#37717)

    I agree with all of that and would like to add:
    If it is working just fine, do you really want to try upgrading a bunch of stuff and risk something going catastrophically wrong?

  • (Score: 2) by FatPhil on Tuesday April 29 2014, @04:14PM

    by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Tuesday April 29 2014, @04:14PM (#37723) Homepage
    > And while the bad guys could get their hands on 8" floppies, they'd have a much harder time doing that...

    Speak for yourself! http://fatphil.org/images/floppies_for_hackers.jpg
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves