It’s ‘Defense in Depth’, not ‘Dense in Depth’

Friday, December 18, 2009

Bill Wildprett, CISSP, CISA


I sit, dumbfounded with amazement after reading that insurgents in Iraq have been intercepting Predator drone video feeds and that the Pentagon has known about this for a year now.

According to the Wall Street Journal, Department of Defense officials knew about this vulnerability back in 2004 when the possible risk of Russian or Chinese signal compromise came up.  While the DoD officials thought it possible that nation-state actors could do this, they vastly underestimated Iraqi insurgents.

My favorite quote from the article:

Officers at the time weren’t concerned about adversaries intercepting the signals in Iraq or Afghanistan because drones weren’t yet common there and militants weren’t thought to be technically sophisticated.

The underlined emphasis is mine.

Helloooo!  Anyone see an obvious need for encryption?  Now we learn that the DoD is working on encrypting video feeds from Predators, Reapers & Ravens, in Iraq and Afghanistan.  Sure, an added layer of encryption will slow the feed speed down a bit, thus increasing latency, but to think that the enemy isn’t sophisticated enough, so why bother, is flat-out naive and borderline stupid.

Once upon a time, none of us knew about IEDs.  That unsophisticated enemy adapted pretty quickly, forcing our troops to adapt in return;  despite cell phone jammers, etc., the enemy still uses IEDs,  all too often to horrible effect.

So why on Earth wouldn’t you want to deny any real-time situational intelligence you have from your adversary?  This is basic Poker 101 ~ don’t let ‘em see your cards…

The DoD argument is that encryption is complex and there are all sorts of signals, lots to do, etc.  They say that now the drone video feeds are encrypted, but other video feeds such as the Remotely Operated Video Enhanced Receiver (Rover) and the Scan Eagle drone still aren’t encrypted.

Cryptography means ‘Hidden Writing’ in Greek (kryptos, “hidden, secret”; and γράφω, gráphō).  At the risk of an obvious Bad Pun, given the prior military use of cryptography from ancient Sparta forward, and in particular, during WWII in conjunction with the Brits, it’s Enigmatic why this happened.

A classic Epic Fail.  Shock & Awe indeed…

Cross-linked from Suspicious Minds:

Steven Stern: Bruce Schneier wrote about this here:

While he thinks it's a Bad Thing, it may not be absolutely wrong not to have encrypted the data feed.