Posted by: David Scott
Sorry – I couldn’t resist. The title of this post makes sense when we examine a recent situation affecting our military. First, I’m a veteran, and I’m proud of our forces and of my past service. Today’s critique is made in the spirit of the necessity for (quick) improvements in the realm of security.
Also, for business and individual readers, please realize that if an occurrence like this can happen in the military, just what might be the vulnerabilities and possibilities within your organizations? At your desktop?
The military serves to protect us, and to win wars against aggressors and threats. They secure us. However, a very recent event made a significant breach to the military’s own security: Hence, insecure security. A virus infected the cockpits of two types of drones: Predator and Reaper. This virus, as the military is referring to it (I might prefer “malware” in this case), is logging keystrokes.
The virus is stubborn: “We keep wiping it off, and it keeps coming back. We think it’s benign. But we just don’t know.” That is from a source familiar with the infection, as quoted by Wired.com. But… how can a keystroke-monitoring “virus” – which can’t be “wiped” – be “benign”? It can’t.
Further, terms like “wiped” mean nothing to me. If you’re attempting to remove a virus, a term like “remove” might be a little more empirical – or at least, “attempted removal.” I wipe my windshield. Not to sound too critical – I just want to bring us all to best practices, which includes best communications, identifications, and solutions.
There is another very, very disturbing situation regarding this occurrence, and it’s a good lesson for the “local” organization – that is, yours. Officials at the affected site, Creech Air Force Base in Nevada, knew about it for weeks – but didn’t report it to anyone. Air Force cyber-security specialists therefore knew nothing, weren’t able to do anything, and further, other elements of the military were left at risk.
In 2011, that is beyond unacceptable – it is a manifestation of the highest risk and danger. The network specialists who defend the specific air force team affected learned of the virus from an online entity, Danger Room, according to Wired.com. Rather amazing.
The four-star general who oversees the Air Force’s networks has been briefed on the infection, thanks to Danger Room’s exposure, and a larger understanding of the problem by virtue of Air Force personnel stumbling on the report by Danger Room. Can anything be more ridiculous?
The lesson for the local organization? Survey for risk, malware, viruses, breaches, thefts… report what you find. For managers, directors, CXOs… get proactive monitoring in place, and exercise it. Revisit your Acceptable Use Policy – hopefully you have one – and update it. If you don’t have one, get a documented policy in place that tells folks what they can do with systems, what they cannot do, and what they should watch for. The AUP ties closely with the Security Policy – and both should make strong reference as to where anomalies should be reported, and when: That is, immediately.
Particularly for orgs with multiple locations, share your knowledge, and IT teams should leverage their collective knowledge. But even for simple, sole-location orgs – please recognize that many formal policies often go lacking.
Get an updated set of policies and activities going for the rush of challenges to modern security.
NP: Hot Tuna, Final Vinyl, original LP. Found this a few days ago; real nice version of “Hesitation Blues” to open, and I like the entire album.