Forgot your password?
typodupeerror
The Military Data Storage Media

US Nuclear Missile Silos Use Safe, Secure 8" Floppy Disks 481

Posted by timothy
from the not-the-onion dept.
Hugh Pickens DOT Com (2995471) writes "Sean Gallagher writes that the government built facilities for the Minuteman missiles in the 1960s and 1970s and although the missiles have been upgraded numerous times to make them safer and more reliable, the bases themselves haven't changed much and there isn't a lot of incentive to upgrade them. ICBM forces commander Maj. Gen. Jack Weinstein told Leslie Stahl from "60 Minutes" that the bases have extremely tight IT and cyber security, because they're not Internet-connected and they use such old hardware and software. "A few years ago we did a complete analysis of our entire network," says Weinstein. "Cyber engineers found out that the system is extremely safe and extremely secure in the way it's developed." While on the base, missileers showed Stahl the 8-inch floppy disks, marked "Top Secret," which is used with the computer that handles what was once called the Strategic Air Command Digital Network (SACDIN), a communication system that delivers launch commands to US missile forces. Later, in an interview with Weinstein, Stahl described the disk she was shown as "gigantic," and said she had never seen one that big. Weinstein explained, "Those older systems provide us some, I will say, huge safety, when it comes to some cyber issues that we currently have in the world.""
This discussion has been archived. No new comments can be posted.

US Nuclear Missile Silos Use Safe, Secure 8" Floppy Disks

Comments Filter:
  • by Anonymous Coward on Tuesday April 29, 2014 @10:14AM (#46867669)

    Those older systems provide us some, I will say, huge safety, when it comes to some cyber issues that we currently have in the world.

    No, they don't. Claiming obsolete hardware and software is more secure is just a thinly veiled security through obscurity claim. There are other claims here; the machines are airgapped, and I suspect that the physical site security is pretty good; but the use of old software and hardware adds nothing at all to that.

  • by EmagGeek (574360) <gterich@@@aol...com> on Tuesday April 29, 2014 @10:15AM (#46867683) Journal

    The silo wins the security battle through two things:

    1) Physical security
    2) Not being on the Internet

    Yes, it's old stuff. Who cares? Nobody can touch it, and it's not on the global network. Not much else is required.

  • by mrchaotica (681592) * on Tuesday April 29, 2014 @10:19AM (#46867719)

    There are other claims here; the machines are airgapped, and I suspect that the physical site security is pretty good; but the use of old software and hardware adds nothing at all to that.

    You have to admit, the old hardware makes it hard for some random officer to violate the air gap by plugging in his USB-using cellphone.

  • by Anonymous Coward on Tuesday April 29, 2014 @10:19AM (#46867723)

    Not so much. This is actually more along the lines of "If it aint broken, don't fix it".

    Some systems are so deeply entrenched that replacing them often becomes a nightmare and you are not necessarily gauranteed with a more stable, robust replacement system.

    Even though some of these systems are old, they are often very very stable.

  • by The123king (2395060) on Tuesday April 29, 2014 @10:22AM (#46867743)
    Loving the sarcasm, but seriously, these antiquated systems are probably a lot more secure than many modern systems. After all, it's next-to-impossible to hack one of these missile control systems if they're not connected to the internet and code must be loaded on 70's era floppy disks (which are next-to-impossible for Joe Bloggs to get hold of)

    Sure, it's terrible energy-inefficient, and the support costs must be through the roof, but i'm more comfortable knowing that the missile control systems are running on pre-internet (and even ARPANET?) systems. It means the many enemies of the US cannot just hack into the missile control systems and start armageddon. No internet, no hacking, no problem.
  • by Thanshin (1188877) on Tuesday April 29, 2014 @10:25AM (#46867783)

    The silo wins the security battle through two things:

    1) Physical security
    2) Not being on the Internet

    3) Armed guards with instructions to shoot on sight.

    They are to security what rubber hoses are to cryptoanalysis.

  • by chiefcrash (1315009) on Tuesday April 29, 2014 @10:31AM (#46867845)
    "Galactica is a reminder of a time when we were so frightened by our enemies that we literally looked backward for protection"
  • by Andy Dodd (701) <atd7NO@SPAMcornell.edu> on Tuesday April 29, 2014 @10:31AM (#46867849) Homepage

    It was interesting, that also in BSG they claimed that the fleet did have much newer starships - the Galactica was being decommissioned due to being obsolete.

    All those other starships in the fleet perished quickly due to network infiltration by the Cylons. The only remaining operational hardware was the non-networked stuff.

  • by Attila Dimedici (1036002) on Tuesday April 29, 2014 @10:36AM (#46867905)
    Actually, it does. The fact that you cannot load data on these machines using a USB device does mean that they are more secure. The fact that anybody carrying around something that would allow them to quickly and easily load software (whether malicious or not) onto these machines would be obvious to anyone watching them does in fact increase security. The security does not come from the fact that the hardware is old, but from the fact that attempts to load software onto it are obvious. And on the software side it is not the fact that it is old that adds security, rather it is that the people who are knowledgeable enough about it to hack it are extremely rare. In both cases, these facts are a result of them being old, but the age is not what he is claiming makes them more secure. Rather it is a side effect of them being old.
  • by bluefoxlucid (723572) on Tuesday April 29, 2014 @10:41AM (#46867947) Journal

    Actually, you're wrong.

    These old networks are airgapped in so many ways, not just by removing the CAT6 to the Internet. The disks themselves are airgapped, as they're not constantly in systems which can read them; likewise, there's a huge airgap between a spy and a reader: if the disks are stolen, they need a huge honkin' machine to read them, or they need to use base facilities which have cameras and guards. Further, the media is low-density: you need to physically transport a truckload to get what fits on a modern CD-R, much less on a 64GB microSDHC.

    Just as with 1000 iteration hashing, these large systems impose a time limitation on mass copy. If you want to access this top-secret file, it's merely 15kB of text stored on a 40kB disk. If you want to steal the wealth of information archived here, you must find the disks you want and then copy each of them. If you want it all, you must spend weeks if not months copying each individual disk to a portable flash drive.

    There are some real difficulties involved in stealing this much data in this form. That provides a layer of security by requiring high-visibility or excessively slow methods of data access, both of which sharply increase risk in espionage. You are more likely to catch and interrupt any significant espionage attempt in this model than in a model where we put all our stuff on a USB drive that's taken to a modern machine in a secure room.

  • by istartedi (132515) on Tuesday April 29, 2014 @10:42AM (#46867951) Journal

    This is way out of date. We need to put our missiles in The Cloud, and re-do the launch control UI so it looks pretty. Get on it right away, I expect nothing less than $10 billion spent for a non-working system. Boy though, the guy wearing the fedora will think it's the best thing in the world. It is good for him too. It'll pay off most of his student debt.

  • by Albanach (527650) on Tuesday April 29, 2014 @10:50AM (#46868041) Homepage

    After all, it's next-to-impossible to hack one of these missile control systems if they're not connected to the internet and code must be loaded on 70's era floppy disks (which are next-to-impossible for Joe Bloggs to get hold of)

    This sounds a whole lot like security through obscurity. Not that obscurity isn't good if it makes things harder, but it would be a mistake to rely upon it in any way.

    Given the agents you are trying to secure against - i.e. foreign governments - the resources to acquire and develop for 70s and 80s era equipment are easily obtainable.

    If the technology being old leads to a lack of developers familiar with the equipment and software, it could quickly become a significant hindrance to good security.

  • by Registered Coward v2 (447531) on Tuesday April 29, 2014 @10:52AM (#46868065)

    Instead of "Security through obscurity", we now have "Security though obsolescence."

    Actually, obsolete is in the eye of the user. Sure, you wouldn't want that as a computer you use for watching videos; but if it reliably does its designed job than it is not obsolete. Old hardware has an advantage; it has been tested and debugged and known to work as planned. Replacing it would involve a lot of work for little gain if the old stuff works; and you run the risk of introducing new bugs and problems that could cause serious problems. A system designed today probably wouldn't rely on ancient hardware; however as long as you can keep it working replacing it is neither cost nor operably beneficial. Security is an added benefit.

  • by Albanach (527650) on Tuesday April 29, 2014 @10:54AM (#46868095) Homepage

    Correlation != Causation. You could just as easily say that he cured the budget deficit and created more jobs than any president in the previous hundred years because he had a better equipped office.

  • by Anonymous Coward on Tuesday April 29, 2014 @10:58AM (#46868153)

    Those silos are protected by the most dangerous weapon system in the US Military inventory: A bored 18 year old with an automatic weapon.

  • by badboy_tw2002 (524611) on Tuesday April 29, 2014 @11:04AM (#46868209)

    Its not security via obscurity because the real security doesn't rely on the lack of 8" floppies. The real protection is a) not being hooked up to the internet, b) lots of doors & guys with weapons standing between you and the control station. But I guess if some airforce commander throws a few bones to a dumb journalist and has a laugh about it back at the club with the boys, is that obscuring the real security?

  • by fuzzyfuzzyfungus (1223518) on Tuesday April 29, 2014 @11:16AM (#46868343) Journal

    At least they are no longer using a clay tablet reader.

    I'll say one thing for clay tablets: few other formats just shrug when somebody burns your civilization to the ground...

  • by MightyYar (622222) on Tuesday April 29, 2014 @11:34AM (#46868547)

    If you take all that old stuff apart, little of it looks very hard to manufacture. And that's if you need to... most can probably be reconditioned or simply acquired from spares. Injection molded plastic will certainly get brittle, but making new 70s-era injection molded parts is not rocket science... if you even need them to be injection molded plastic. Machinable or rapid prototyped materials probably would work just fine. Remember that they don't need consumer-level cost effectiveness here.

  • Reality (Score:5, Insightful)

    by DerekLyons (302214) <fairwater AT gmail DOT com> on Tuesday April 29, 2014 @11:37AM (#46868567) Homepage

    Related: anyone remember in the pilot of the Battlestar Galactica remake how they explained that the reason there was all that old tech (phones with cords, manual doors) aboard a starship made with technology hundreds of years superior to our own was that they designed it that way on purpose to prevent hacking?

    You find it surprising to find that a fictional world is built to accommodate the plot set in it? Seriously, fiction is a very, very, bad way to evaluate things for the real world.
     

    I see no downside to this. There's no reason for our nuclear silos to be networked or to run modern hardware. If it works, don't fix it.

    Disclaimer: While I don't play a nuclear weapons technician on TV, I was one in real life. (Fire Control Technician (Ballistic Missiles) Second Class (Submarines), USN Submarine Service 1981-1991.) I've worked with weapons system components (both installed and spare) that were years and decades old, and have studied the issues as a civilian as well.
     
    Actually, there's a number of downsides, most of which should be obvious with a few minutes serious thought:

    • Spares - as your systems recede ever further from current technology, the cost of spares goes up and the number of potential suppliers goes down. One of things that drove the (many times delayed) conversion of the SSBN's from Trident-I to Trident-II in the late 90's/early 00's was the drying up of the spares pool. (One of the key reasons they were able to delay so long was they were able to rely on a pool of spare salvaged from the older '41 boats when they were decommissioned in the early 90's.)
    • Maintenance - as components age (and they do age, whether installed or sitting in a warehouse), you start climbing up the right hand side of the bathtub curve [wikipedia.org]. This means that your maintenance costs and downtime start rising sharply and also exacerbate the spares issues. I've personally had to replace cables where the insulation was damaged by aging - and had to go through three sets of spare cables to make up one good one. (And the trainers really kill you here, as they're used and abused much harder than the operational hardware.)
    • Support - as with spares, the farther you recede from current technology and practices, the harder it becomes to find people and companies with the experience to support and maintain the systems. Eventually you reach a closed ecosystem where the military relies on local tribal knowledge and contractors rely on a pool of specialists that dwindles as the old guys retire. (You can overcome this, but it costs significant money.)
    • Compatibility - when you (as the USAF has done) upgrade parts of the system but not the rest, you end up with all manner of compatibility issues. You either have to limit the performance of the new hardware, or build specialized interfaces, or build in emulators, etc... (The latter two drive up costs and increase the potential sources for faults and bugs.)

    Etc..., etc...
     
    The USAF claiming that older tech makes them more 'safe' is just making lemons into lemonade. (And the situation is mostly a product of how far the missiles are from being a priority.) Mostly, I evaluate the claims as a way to deflect attention from the number of serious incidents they've had recently and from their significant personnel problems.

  • by Peter Simpson (112887) on Tuesday April 29, 2014 @11:48AM (#46868727)
    I think the scary thing is that somewhere, in a large warehouse, our government has a stock of 8-inch floppies. Either that, or they are buying them from Initech at ridiculously high, sole-source prices. Come to think of it, the latter case is probably more likely.
  • by FlyHelicopters (1540845) on Tuesday April 29, 2014 @11:54AM (#46868799)

    Since it is secure via remote hack and secure again a USB drop, then your only remaining option is a local intrusion.

    That is when the guys with guns come in handy, and the military is good at that. :)

    Are places like Ft. Hood secure? No. Is a nuclear missile silo secure? I dam well hope so...

    If not, then I'd agree there is a problem.

How many QA engineers does it take to screw in a lightbulb? 3: 1 to screw it in and 2 to say "I told you so" when it doesn't work.

Working...