Security for dummies – a lesson for smart grid

WASHINGTON — Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber — available for as little as $25.95 on the Internet — to regularly capture drone video feeds, according to a person familiar with reports on the matter.

So what are the lessons? First, “security by obscurity” is equivalent to “hope is a plan”.

The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn’t know how to exploit it, the officials said.

Whoops!

And second: use standard protocols.

Predator drones are built by General Atomics Aeronautical Systems Inc. of San Diego. Some of its communications technology is proprietary, so widely used encryption systems aren’t readily compatible, said people familiar with the matter.

Fake Steve Jobs: "Then I hung up"

I stopped, then. There was nothing on the line. Silence. I said, Randall? He goes, Yeah, I’m here. I said, Does any of that make sense? He says, Yeah, but we’re still not going to do it. See, when you run the numbers what you find is that we’re actually better off running a shitty network than making the investment to build a good one. It’s just numbers, Steve. You can’t charge enough to get a return on the investment.

Now there was silence again. This time I was the one not talking. There was this weird lump in my throat, this tightness in my chest. I had this vision of the future — a ruined empire, run by number crunchers, squalid and stupid and puffed up with phony patriotism, settling for a long slow decline.

“Okay,” I said. “Nice talking to you.” Then I hung up.

This rings too sadly true.

Green energy and smart devices

We’re starting to see a confluence between IT and energy that will change both industries. A windmill-powered data center is an interesting data point. At some point, we’re going to want to control the energy generation from the data center – for example, to run big batch jobs when the wind is blowing, to generate more power during peak billing periods, or to shut down unnecessary heat-producing computations during low-energy periods. As smarter technologies become available for generating power from waste heat, and as carbon generation costs become integrated into prices for purchased power, the whole economics of running data centers will change and the data center will have to act like an intelligent factory – producing compute time against costs of heat production and power consumption.

As we get there, we have to understand that one of the most important properties of the Internet comes from its “end-to-end” design. Earlier networks suffered from the problem of being designed as layers, but the Internet protocols and hardware were designed to solve the problem of moving streams and packets around networks of machines – considering the problem in totality, not as a set of layered components. Modularity is not incompatible with end-to-end, but end-to-end requires an understanding of the applications and is incompatible with the component supplier view that dominates modern computer systems development.