Navy Under Attack


So there was another collision of a U.S. Navy Destroyer.


The Navy destroyer collided early today with an oil tanker off of Singapore. 


10 sailors are missing and there is significant hull damage. 


This is the 4th known accident just this year involving our Navy vessels in Asian waters.


And previously I wrote incredulously about the last Navy collision with a massive container ship in June that resulted in 7 dead. 


How do U.S. Navy ships with the most advanced sensors, navigation, weapons, and command and control systems in the world–that are supposed to be protecting us–just simply collide with other ships like toys in a bathtub?


These Navy ships are a vital projection of U.S. might, and are supposed to be able to keep the worst foes away and keep our dedicated men and women warfighters safe at sea–whether from bomb-laden terrorist attack speed boats to anti-access/area denial missiles and all threats from on, above, or below. 


Yet, they just keep crashing…


There was supposedly some buzz online about a stealthy new cyber weapon that is attacking our ships and making them useless and helpless pieces of (G-d forbid) floating junk at sea or perhaps enabling them to be hacked and electronically commandeered and controlled in order to crash them.


Either way, how many collisions does it take for this to become a concerning problem with our Navy’s ability to manage the ships under their command and be ever war-ready?


Our ships are a major element of our national strength and security, and loss of control implies a potentially great risk to our nation. 


We need our Navy and their tremendous people, assets, and expertise to safeguard our people, freedom, and democracy.


A few months ago, there was a hackathon to test the Navy’s systems’ security–and most certainly, this is a crucial type of test that we potentially face every day in real life.


These are challenging times for everything cybersecurity, so let’s make sure we have all the capabilities we need and are fully up to the task to defend ourselves and take out our enemies–it’s not just our Navy in the spotlight and at risk. 😉 


(Source Photo: With attribution to CNN and adapted from here)

Losing Deadly Control


So today we hear that there was a horrible mistake in which at least 52 sites (in 18 states here and 3 other countries) were inadvertently sent LIVE anthrax!!!


This after a prior incident in December where ebola had been mishandled and a technician potentially exposed. 


Again last August, they announced that a lab had accidentally cross-contaminated benign bird flu virus with a deadly strain of it. 


And there are at least five other major mishaps just since 2009 including more with anthrax and bird flu as well as with Brucella and botulism–these involved everything from using improper sterilization and handling techniques to inadvertent shipments of deadly live germs. 


Also in July, the CDC discovered six vials of LIVE smallpox in an unused storage room at the NIH.


This is reminiscent of similar gaffes by the military, with an inadvertent shipment in 2007 by the Air Force of six nuclear warheads while the crew was unaware that they were even carrying them.


And here we go again (a doozy this time): information was disclosed in 2013 that we nearly nuked ourselves (specifically North Carolina) with 2 hydrogen bombs (260 times more powerful than the one exploded on Hiroshima) in 1961.


Yes, mistakes happen, but for the weapons of mass destruction that we are talking about here, there are layers of safeguards that are supposed to be strictly in place.


After each incident, it seems that some official acknowledges the mistakes made, says sorry, and claims things are going to be cleaned up now. 


But if the same or similar mistakes are made over and over again, then what are we really to believe, especially when millions of lives are at stake?


We have too much faith in the large bureaucratic system called government, which, despite how well it could be run, very often isn’t and is prone to large and dangerous errors and miscalculations.


With all due respect for our experts in these areas, we need to spend a lot more time and effort to ensure the safety of our most dangerous stockpiles–be it of nuclear, chemical, biological, or radiological origin. 


We can’t afford any more mistakes–or the next one could be more than just a simple (not) embarrassment.


What good is all the preparation to win against our enemies, if we are our own worst enemy or we have met the enemy and it is us! 😉


(Source Photo: Andy Blumenthal)

6 D’s Of Cyberwar

Popular Science had an interesting article that spelled out the six D’s of Cyberwar:



On the offensive side, you want to destroy, deny, degrade, disrupt, and deceive.



“Unlike World War II code breaking, cyber attacks offer the potential to not just read the enemy’s radio, but to seize control of the radio itself.”



– Step 1: Infiltrate the enemy’s networks and communications and gather/exfiltrate information.



– Step 2:  Compromise the enemy’s information either by:



1) Corrupting the enemy’s information, planting misinformation, sowing erroneous reports, and causing poor decision-making.

2) Taking control of their networks, disabling or jamming them, and disrupting their command and control or harming their critical infrastructure and causing mass confusion, destruction, and death.



Examples are “not merely to destroy the enemy’s tanks, but to make them drive in circles–or even attack each other” or to cyber attack an enemy’s control systems for electricity, dams, transportation, banking, and so on.

With the ability to steal information, sow misinformation, seize control, or even stop the information flow altogether, cyberwar is not just another weapon in our arsenal, but “a tool to help achieve the goals of any given operation.”



On the flip side, you want to defend against the enemy’s use of cyberspace to hurt us.



We need to continue to get serious about cyberwarfare and cybersecurity and become the masters in the information domain, and quickly. 😉



(Source Photo: Andy Blumenthal)

SCADA In Pictures


So SCADA are Supervisory Control and Data Acquisition systems.

They are a form of Industrial Control Systems (ICS) that monitor and control major industrial processes from power generation, transmission, and distribution, to water treatment, chemical production, air traffic control, traffic lights, building controls, and more.

These are part of our nation’s critical infrastructure.

In the lab, we are able to use tools to capture and analyze communication packets and edit and re-use them to:

– Turn on and off lights

– Open/close perimeter gates

– Control water and gas pipelines

– And even open and close a bridge

This was very scary!

No one, unauthorized, should be able to do this in real life, in the physical world.

This is a major security vulnerability for our nation:

– SCADA systems should not be openly available online; instead, they should be controllable only locally or remotely through an encrypted virtual private network (VPN).

– SCADA systems should not be available without proper access controls–there must be credentials (user ID and password), and even two-step authentication should be required.

No one but vetted, cleared, authorized, and trained personnel should be able to monitor and control our critical infrastructure–otherwise, we are giving them the keys to disrupt it, destroy it, and use it for terror.

We owe our nation and families better, much better.

(Source Photos from lab: Andy Blumenthal)

Security Is A Joke!

Fascinating video with Dan Tentler on the Shodan Search Engine…which CNN calls the “scariest search engine on the Internet.”

The search engine crawls the Internet for servers, webcams, printers, routers, and every type of vulnerable device you can imagine.

It collects information on more than 500 million devices per month and that was as of last year, so it’s already probably a lot more.

Tentler shows the unbelievable amount and types of things you can access with this, including our critical infrastructure for the country–from utilities to traffic lights, and power plants:

– Private webcams
– Bridges
– Freeways
– Data Centers
– Polycoms
– Fuel cells
– Wind farms
– Building controls for lighting, HVAC, door locks, and alarms
– Floor plans
– Power meters
– Heat pump controllers
– Garage doors
– Traffic control systems
– Hydroelectric plants
– Nuclear power plant controls
– Particle accelerators
– MORE!!!!

Aside from getting information on the IP address, description of the devices, locations (just plug the longitude and latitude into Google for a street location), you can often actually control these devices right from YOUR computer!

The information is online, open to the public, and requires no credentials.

– “It’s a massive security failure!”

– “Why is this stuff even online?”

Where is our cyber leadership????

Where is the regulation over critical infrastructure?

If there is a heaven for hackers, this is it–shame on us. 😦

Beware of Botnets

Interesting video demonstration of how botnets work and can literally take over your computer.

In essence, your computer becomes a zombie under the command and control of the botnet sender.

Computers get infected through a trojan or worm, and then the sender has you–they control your computer and information.

Generally, they do this to send spam, steal information, or send out other malware, all under anonymity.

Once infected, the sender has complete control over your computer and can exfiltrate, delete, or change your data, turn on the keyboard lights, add a tail to your mouse, and even format your hard drive.

The malware often can even disable your firewall.

The sender can turn on a keylogger and log your keystrokes, and capture your user ids and passwords to banking and financial institutions, and draw out your money.

The video demos an example of botnets with a variant of the Zeus trojan.

Worth a watch.

Makes me wonder whether our adversaries are infecting more and more computers, until they have almost everyone–eventually a virtual army.

Then at the time of their choosing, they can conduct one big massive attack, or incremental ones, logging into people’s accounts, stealing their identities and savings, sending out misinformation, destroying data and computers en masse.

We need to be aware of what’s possible, maybe even probable.

Is your computer infected and you don’t even know it yet?

Under The Beautiful Sea

The Defense Advanced Research Projects Agency (DARPA) is looking for a place to stash some new military capabilities.

A DARPA news release (11 January 2013) states that they are looking to support the Navy by placing hibernated deep-sea capsules with payloads at underwater locations and at the seafloor strategically around the globe–“almost half of the world’s oceans are more than four kilometers deep” providing “cheap stealth”.

The capsules will carry non-lethal payloads for “operational support and situational awareness”–such as command, control, communication, computers, intelligence, surveillance, and reconnaissance (C4ISR).

Examples of pre-deployed payloads could be unmanned aerial vehicles (UAVs) and probably, unmanned underwater vehicles (UUVs). The release specifically states that this is “not a weapons program,” but you could imagine future evolutions of this.

The initial capabilities sought are for “situational awareness, disruption, deception, networking, rescue, or any mission that benefits from being pre-distributed and hidden.” 

The deep-sea capsules will need to survive under extreme pressure and be able to communicate at vast ocean depths to be remotely awoken and recalled when needed. 

Having capabilities available when and where needed–from the bottom of the sea to forward deployment–could potentially mitigate some use of costly and non-stealth land bases.

I think this is an exciting idea, especially since China was able to demonstrate its anti-satellite missiles in January 2007 in shooting down its own satellite, and I would think that these new underwater pods being sought may be able to provide some alternatives for sensing and communicating in conflicts where satellites are destroyed or disabled and/or other military muscle is not readily available.

(Source Photo: here with attribution to Rakel SdPC)