US Nuclear Missile Silos Use Safe, Secure 8" Floppy Disks 481
Hugh Pickens DOT Com (2995471) writes "Sean Gallagher writes that the government built facilities for the Minuteman missiles in the 1960s and 1970s and although the missiles have been upgraded numerous times to make them safer and more reliable, the bases themselves haven't changed much and there isn't a lot of incentive to upgrade them. ICBM forces commander Maj. Gen. Jack Weinstein told Leslie Stahl from "60 Minutes" that the bases have extremely tight IT and cyber security, because they're not Internet-connected and they use such old hardware and software. "A few years ago we did a complete analysis of our entire network," says Weinstein. "Cyber engineers found out that the system is extremely safe and extremely secure in the way it's developed." While on the base, missileers showed Stahl the 8-inch floppy disks, marked "Top Secret," which is used with the computer that handles what was once called the Strategic Air Command Digital Network (SACDIN), a communication system that delivers launch commands to US missile forces. Later, in an interview with Weinstein, Stahl described the disk she was shown as "gigantic," and said she had never seen one that big. Weinstein explained, "Those older systems provide us some, I will say, huge safety, when it comes to some cyber issues that we currently have in the world.""
Penis jokes aside... (Score:5, Interesting)
I see no downside to this. There's no reason for our nuclear silos to be networked or to run modern hardware. If it works, don't fix it.
Related: anyone remember in the pilot of the Battlestar Galactica remake how they explained that the reason there was all that old tech (phones with cords, manual doors) aboard a starship made with technology hundreds of years superior to our own was that they designed it that way on purpose to prevent hacking? Kinda makes you wonder--if there's actually a cyber warfare component to the next major conflict, will the military tech that's developed afterwards end up resembling 1970s (or earlier) era hardware more so than the "futuristic" tech you see in most modern SF?
Re:Are there any old drives around that read these (Score:4, Interesting)
IBM PC architecture never used the 8" FDD to my knowledge.
I seem to remember those 8" drives on old DEC equipment - VAX minicomps and the like.
Re:this is reassuring (Score:5, Interesting)
to justify obsolete systems.
Wow, you just don't get it! Your remark implies that he is some sort of Luddite with the attitude of, "it worked for my grand pappy so it is good enough for me!"
What the man said is that they did a complete audit of the systems and given the requirements they determined that what they have is the most secure system they can come up with.
Your remark also implies that they should be all modern with a nice tomcat stack running php, python or god alone only knows what bit of Swiss cheese stack of cruft to control the very things that could quite easily turn this entire planet into a spinning ball of radioactive fire."
Re:Penis jokes aside... (Score:4, Interesting)
I do and I grinned when I heard those lines. Like so many of us on here, I work in the IT field (mainly solving problems created by others), and want to continually smack people upside the head when I hear them talking about wanting to add devices at random to the network or all the things they do on their smart phones.
The amount of people, in IT especially, who think networking everything is the be all and end all is staggering simply because these people, do not think the process through to realize the HUGE security issues they are opening themselves up to. These are the same people who think pushing the envelope of technology is a good thing until it bites them in the ass and they come running to my area to fix what it is they broke.
In a way, I get a sense of schadenfreude when I hear about people who have their phones lost/stolen with all their information on it, or who install the latest and greatest piece of software and find themselves wide open to attack.
Like most things, there is a reason not being at the forefront of technology is a good thing. You let others make the mistake and get exploited so you know how to be safe. In the case of Galactica, not being networked and not having the latest and greatest was its strongest defense.
Re:Security through Antiquity? (Score:5, Interesting)
It's secure against a Stuxnet style sabotage attack, and secure against a remote hack. But hijacking a nuclear missile silo is a different type of mission.
You could likely simulate the entire system on a damn Arduino. On site, just open a panel, swap out a cable, bypass the whole control system.
Even if the floppies themselves contained some data or codes necessary to access/program the missiles (for example), given the low data densities, by modern standards the magnetic domains are the size of cows. You could easily jury-rig up a hand-held reader from commercial components and a bit of hard-hack know-how. And brute force decrypting anything from that era should be doable on a modern laptop.
Any custom system is safe, provided the enemy doesn't know how it works. But security-by-antiquity is a particularly bad example of security-by-obscurity given the likelihood of information leakage over time by people who didn't realise that their systems were still in use (particularly if they were never told what they were used for.) And chances are, your own intelligence people aren't even going to know what to listen for: "Yeah, just some hobbyists talking about early '70s computer technology. Disregard."
Re:Security through Antiquity? (Score:5, Interesting)
On site, just open a panel, swap out a cable, bypass the whole control system.
Just so you know, when you open that panel, you're dead. They have antipersonnel mines built in, in case of unauthorized access to the panel. ICBM security doesn't fuck around.
This is the sort of security that involves lethal countermeasures, and yes, they thought of that. That too. There were geeks involved in the planning, so that other thing you think is clever? Lethal countermeasures.
Re:Security through Antiquity? (Score:4, Interesting)
I knew someone who used to work in the Blue Cube (air force base that monitored early warning systems) in the early 90s, and was told that they still used lots of PDPs, sat at metal desks, and other stuff from the 70s even though they were sitting in the heart of silicon valley.
Last I saw an 8" floppy was for the PDP-11 console that sat inside a VAX cabinet in order to help it boot up.
Now how to fix this stuff? During glasnost era I presume you could second source parts from USSR clones... You could replace the entire system and stick it on a chip and have it all done as a student project. But these computers weren't used as general purpose computers, a lot of the reasons they're kept around is because of a specific hardware interface to other equipment and because it requires people with high security clearances and a budget to design replacements (ie, no student projects). Probably a requirement too to be resistent to electromagnetic pulses which is a plus for a lot of older equipment.
Re:That big? (Score:5, Interesting)
She may actually have used a terminal for data entry, or research in the 70s; but she wouldn't have been saving to her personal floppy disk. She'd have been saving to a file in her space (highly unlikely), printing out hard copy (more likely), or hitting some "file" button to send it to her editor (most likely).
But she'd have no more clue which disks they used then a subsistence farmer from Mozambique. Her first exposure to disks would probably be reporting on the Apple II, which used Woz's famous new disk-drive-control circuits and 5 1/2" disks.