Last week's disclosure that terrorists were getting videos from U.S. Predator drones (see Unencrypted drone video intercepted by militants) - which was accomplished with $26 software available over the internet - may finally stir some actual action from Washington.
The Wall Street Journal reports that lawmakers are furious at this breach. See Drone Breach Stirs Calls to Fill Cyber Post:
U.S. lawmakers called on the White House to quickly fill vacant cybersecurity posts in the wake of revelations that Iraqi insurgents have learned to intercept video feeds from unmanned military drones.
Lawmakers also expressed frustration that no action was taken until this year, even though the vulnerability of the video feeds had been known since the 1990s. The story was first reported Thursday by The Wall Street Journal.
"It outrages me that this vulnerability was known since the 1990s, and they never fixed the problem," said Rep. James Langevin, a Rhode Island Democrat and a member of the intelligence and armed services committees. "It makes them look like a bunch of Keystone Kops. Who else had access to these video feeds?"
Rep. Langevin said he would press for answers when Congress returns in the New Year: "They're going to get both barrels when I return to D.C."
The news cast a spotlight on the vacancy for a cyberchief at the White House, a position announced by President Barack Obama six months ago.
It is puzzling that the cybersecurity position remains unfilled. Equally puzzling is the White House's silence on deployment of DNSSEC. Despite requirements from the White House's Office of Management and Budget requiring deployment for all .gov agencies in 2009, most agencies have not complied.
Without DNSSEC it is impossible to authenticate who is whom on the Internet, to know where email came from, or to trust SSL and VPN technologies, as I have noted in many previous posts. We are "crazy people" to think we can begin to solve cybersecurity vulnerabilites without it. This is a low cost "no brainer". Yet deployment requirements are being widely ignored.
The lack of action by the White House, the disclosures about the predator drones being known to be vulnerable for years, and reports such as this 60 minutes segment from last month do not inspire confidence that we are working as a country to solve these vulnerabilities.
Congressman Langevin has been almost a lone voice in pushing for progress in cybersecurity. We need other leaders to take these threats seriously and to take concrete actions to address them.
Comments