17 December 2009

Seriously? No encryption on Predator video feeds?

Sometimes a news story appears which leaves me flabbergasted. This report from the Wall Street Journal describes how "the enemy" in Iraq and Afghanistan has been able to use a simple piece of off-the-shelf software (costing $26) to capture video feeds being broadcast by Predator and presumably other UAVs working in the theater.



This reported incident, if true, seriously beggars belief. It has been more than 20 years since commercial satellite TV deployed effective encryption for both analog and digital video signals to protect commercial interests. And yet the military planners singularly failed to specify simple encryption for sensitive information -- the live video feed of the drone.* Most likely this was done to speed up time-to-market, or to reduce costs -- but most security experts would consider this a false economy.

The article clearly indicates that this problem has been known since the Bosnian conflict in the 1990s -- but military leaders felt that "local adversaries wouldn't know how to exploit it". This is a perfect storm of stupidity, with two basic blunders: a) assuming that the enemy isn't as smart as we are, and b) relying on security through obscurity. One wonders if this decision means that there are similar weaknesses in the command-and-control channel of the drone's avionics or weapons platforms?

---
*Subsequent reportage suggested this was not a live feed directly from the Predator, but rather a rebroadcast of said feed via a satellite from the local ground station uplink. It's still a COMSEC issue, however.
