Cyberattacks on weapon systems and the WMD response from the losers of the cyber arms race

Wired (March 10, 2021):

The Dire Possibility of Cyberattacks on Weapons Systems

“… Attacks against civilian infrastructure facilities such as hospitals, water sanitation systems, and the energy sector similarly get a lot of airtime. But there is another type of high stakes system that gets much less attention: weapons systems. These include guided missiles, missile, and anti-missile systems, tanks, fighter jets, and more—all of which are computerized and possibly networked. We can imagine that weapons systems contain security vulnerabilities similar to most other information systems, including serious ones.” (…)

“Conducting a cyberattack of this kind would require not only hostile intentions, but also the existence of security vulnerabilities in the controlling systems. In order to exploit such bugs, the attacker would also need access to that system, which is not easy to obtain. But these obstacles are not impenetrable.” (…)

“To avoid the risk of tampering, these sensitive systems should remain in non-public networks, isolated from public access. While air-gaps can be bypassed, it would still be challenging to maintain reliable enough access to such protected systems to prepare and execute attack plans. This point is highlighted in a report from the École Spéciale Militaire de Saint-Cyr, the special military school of the French Army, which details the insight on cyber resilience of weapons systems. The report notes that “weapons systems structures are designed to have very few points of access or openings to cyberattackers … not only because of their limited interconnection, but also because they use atypical technologies.”

“Even so, risks of supply-chain compromise remain. When malicious or fraudulent elements are inserted into the system, it may impact its operation or integrity. Such risks are not merely imaginable. Suspicions that such compromises have already happened appear in a report by the US Defense Science Board. In it, the task force mentions “instances that may have been unsuccessful attacks on critical weapons systems via malicious insertion.” While unconfirmed, the ability of external actors to tamper with off-limits systems is worrisome, especially when one imagines the consequences of losing control over weapons systems that can direct strikes.”

The main danger is probably 1) spies within the US military, and 2) domestic patriots who want to destroy the neoliberal military-industrial complex that has turned constitutional democracies into surveillance regimes.

Aldrich Ames, Robert Hanssen, Ana Montes.

Edward Snowden, Reality Leigh Winner, Chelsea Manning.

Plus many other (embarrassing) spy cases, cf. what James M. Olson has written about this topic in To Catch a Spy and Fair Play.

But what the heck, let’s just naively hope that cyber warriors today are smarter and more safety-minded than those who caused military and intelligence scandals in the past, and that they are not as complacent as the civilian sector. Bruce Schneier:

On Not Fixing Old Vulnerabilities

“How is this even possible?”

“… 26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. ‘The most frequent vulnerabilities detected during automated assessment date back to 2013–2017, which indicates a lack of recent software updates,’ the report stated.”

“26%!? One in four networks?”

“Even if we assume that the report is self-serving to the company that wrote it, and that the statistic is not generally representative, this is still a disaster. The number should be 0%.”

“WannaCry was a 2017 cyberattack, based on an NSA-discovered and Russia-stolen-and-published Windows vulnerability. It primarily affects older, no-longer-supported products like Windows 7. If we can’t keep our systems secure from these vulnerabilities, how are we ever going to secure them from new threats?”

Here’s the “catch-22”: if Western states make our digital-dependent weapons totally hack-proof while other states are vulnerable to being hacked by liberal countries, it will give authoritarian regimes a reason to fight very dirty in order to survive, by, for example, cooperating with patriotic domestic activists who are basically in a (cold) civil war against the ultra-liberal governments that run the West today.

The new dual-use technologies of the 4IR (fourth industrial revolution) have turned the world into an even more absurd place, but now it’s also a very dangerous surreal place, so that’s why I recommend creating an (almost) purely non-online defensive system described in a series of articles beginning with this one here. But even this system, while not being very technically difficult to build, does require a lot of work, reducing unemployment, but still revealing how much it demands to solve the problems caused by the idiot geniuses in Big Tech…
