In a page directly out of Hollywood’s Terminator script the US Navy released details today about a rogue robot helicopter which diverted twenty-three miles penetrating restricted Washington DC airspace (ADIZ) after a complete loss of command and control on August 2nd due to “software anomaly.” Considering that a trojan-infected maintenance system is partially responsible for downing a commercial airliner in 2008, “software anomaly” is speculative.
Does anyone else hear the theme music to Terminator playing softly in the background?
[Update 1:55pm] As for the Madrid 2008 air disaster, while the trojan’s role was not the cause of the crash, it was ruled a contributing factor:
[Update 3:23pm] I just read today’s DoD announcement that the most significant breach in US Military history is confirmed to have originated with foreign intelligence. The vector for the DoD attack was Autorun and removable media, same as the Madrid air disaster.
Related? Hard to tell.
While I’m certain that this is not keeping with the finest traditions of Navy transparency, demonstrated by the recent open access given 16 bloggers, I’m still left wondering if an attribution of the software anomaly may be clarified – was it due to malware?
[Update 8/28 12:12] Clarity on the Spanair crash should be given; the maintenance computer found partially responsible was indeed infected with malware however this was not an onboard flight computer. Rather, it was the ground crew policy and procedure which was interfered with by the malware-ridden system. The flight would have been grounded according to policy had the alarm triggered, however the pilot error was ruled the primary cause of the mishap.
So the pilot made an error, the takeoff warning system (TOWS) failed to alert the pilot to the error, and this TOWS system was problematic, which would have grounded the plane had the malware-infected system the ground crew was using been operating properly. Any of the three issues being resolved would have saved 154 people, and that does include the malware on the non-flight ground maintenance system, which would have been ruled a ‘contributing factor to the mishap’ in Naval Aviation. Others have said it’s tertiary – there is no such thing. There are primary causes and contributing causes for a mishap. All contributing causes are equally to blame because without them the mishap may have been avoided, and that includes malware.
There are no indications as of yet that this was the result of cyberwarfare or hacking however this remotely operated (potentially armed) vehicle would definitely become the target of command and control interruption during a cyberwar. Interruption would result in similar circumstances such as a deviation of flight. Successful command and control hacking would result in complete usability gained by an outside force, and perhaps even direction of weapons systems.
Still, paired with today’s other late breaking announcement about USB malware intentionally used by foreign intelligence back in 2008 against the US military, we should note that the motive should not be ruled out in the future. Cybercrime syndicates as well as national security actors/agents from foreign intelligence networks are equally capable of attempting this level of breach and the tactical rewards are monumental.
As Deputy SecDef W. Lynn pointed out last year:
As civilians it’s important for us to understand that there is a documented monetary incentive involved with defeating these systems. The 2009 DBIR notes the most common breach tactic tends to be in finding the ‘weakest link’ of the entire defensive structure, commonly with partnering corporations.
This means that often our unrelated companies may be targeted specifically in order to work upwards through the trust relationships in order to successfully penetrate the ultimate target. The Fire Scout systems were designed here in San Diego and they are assembled in Moss Point, MS. More Fire Scout project partner details can be found at GlobalSecurity.org’s site.
If we work for companies who are partnered with defense contractors, two words should remind us all how connected we are: Stuxnet & SCADA. I urge anyone to check to see if their companies have data pathways open with defense contractors and take appropriate precautions. Don’t be that open door.
Author ESET Research, We Live Security