by Constantine von Hoffman

Virus in Attack Drones a Symptom of Military’s Bigger Cyber Security Problems

Oct 12, 20113 mins
Data and Information SecurityData BreachIntrusion Detection Software

It’s a bird, it’s a plane! It’s a hacked attack drone!

When the U.S. fleet of surveillance and attack drones was infected by a virus, the Air Force’s cybersecurity specialists found out from

United States Cyber Command
the media — two weeks after the incident began.

Which is more disturbing: The lax security or the CYA response?

On Friday, Wired broke the story that “a computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.”

The virus had been detected two weeks earlier at Creech Air Force Base in Nevada, which handles the majority of U.S. drone missions around the world. There are no indications the virus has compromised the system – either by damaging information or transmitting it to an outsider. However, it has proved very difficult to eradicate from the system’s computers.

It is likely the virus was introduced to the system via a disc or removable drive. Because of the danger these media pose, their use is highly restricted in much of the military. As Wired wrote:

But the base at Creech was one of the exceptions, until the virus hit. Predator and Reaper crews use removable hard drives to load map updates and transport mission videos from one computer to another. The virus is believed to have spread through these removable drives. Drone units at other Air Force bases worldwide have now been ordered to stop their use.

I’d love to know what the protocol was for handling, storing and dis-infecting these drives. Then again, maybe I’m happier not knowing.

While it is disturbing to realize that the drones capable of killing large and small groups of people could have been hijacked, it gets worse. Even though the virus had been in the drones’ systems for at least two weeks before the story ran, the 24th Air Force, the unit responsible for the service’s IT security, only found out about it by reading the Wired article.

Without more information it is impossible to say if this second lapse is because of a cover-your-ass effort or an organizational failure. It does highlight a huge weakness in military IT security.

Each service has a unit like the 24th, which “establishes, operates, maintains and defends” that service’s networks. These units are then supposed to provide people and info to U.S. Cyber Command, which has overall responsibility for security. Because the Air Force has no centralized network for the 24th to oversee it is difficult to see how it can fulfill its mission without embedding people with every unit or base that has its own network. That would take an awful lot of people.

The other services face similar issues. It was only last year that the Army, Navy, Marines established commands to coordinate the various cyber security units within each service.

That’s a lot of gaps to fill.