US military will no longer use floppy disks to coordinate nuke launches

[ZiprHead]

https://www.engadget.com/2019/10/18/us-military-nuclear-missiles-floppy-disks/?sr_source=Facebook&&guce_referrer=aHR0cHM6Ly93d3cuZmFjZWJvb2suY29tLw&guce_referrer_sig=AQAAAD2rpXWpawgdrec3OwzWFcnnRu8Wc28RkclnCSGcj-tW97itLcWSh3TfExvhYcsboPKFsLiBTciY0Qy7BBz-kFrFrlqwg2CwvV5zzDfigk-Rt3UOb64wqxVjuSUM2wnzht-FEZ_27ITh3uWatu-BKxRJjlQhvifj6PUdUizGn4Eg&guccounter=2

As we alarmingly learned in 2014, the US military has been using 8-inch floppy disks in an antiquated '70s computer to receive nuclear launch orders from the President. Now, the US strategic command has announced that it has replaced the drives with a "highly-secure solid state digital storage solution," Lt. Col. Jason Rossi told c4isrnet.com.

The storage is used in an ancient system called the Strategic Automated Command and Control System, or SACCS. It's used by US nuclear forces to send emergency action messages from command centers to field forces, and is unhackable precisely because it was created long before the internet existed. "You can't hack something that doesn't have an IP address. It's a very unique system -- it is old and it is very good," Rossi said.

 

[bigfield]

The storage is used in an ancient system called the Strategic Automated Command and Control System, or SACCS. It's used by US nuclear forces to send emergency action messages from command centers to field forces, and is unhackable precisely because it was created long before the internet existed. "You can't hack something that doesn't have an IP address. It's a very unique system -- it is old and it is very good," Rossi said.

If it ain't broke, don't fix it...

As we alarmingly learned in 2014, the US military has been using 8-inch floppy disks in an antiquated '70s computer to receive nuclear launch orders from the President. Now, the US strategic command has announced that it has replaced the drives with a "highly-secure solid state digital storage solution," Lt. Col. Jason Rossi told c4isrnet.com.

...unless you need an excuse to spend some money.

 

[Keith&Co.]

But, technically, it was broke.
Because they could no longer get parts. No manufacturer was contracted to keep making stone knives and bear skins into the Iron Age. So they were almost at the point, if a part breaks, cannibalize the least important launch site to keep the rest going. Two coffee spills from a serious failure.

They were complaining about how they were painted into a corner at a recent conference, where the Admiral in charge of Navy bombs offered the benefits of our research into communication solutions.
And they don't even have to read the part about hurricanes and performance during rough seas....
Wimps.

 

[Loren Pechtel]

Ancient tech isn't going to be vulnerable to modern malware.

 

[fromderinside]

Really? You think that just because a computer uses tubes that one can't convert modern malware into punched tape messages and disrupt software programmed into the tube computers by either use of keyboards which can be run using punched tape devices or punched cards or either of the latter two individually? You are so falsified.

 

[Politesse]

Ancient tech isn't going to be vulnerable to modern malware.

Because there were no corrupted files in the floppy years...

 

[bigfield]

But, technically, it was broke.
Because they could no longer get parts. No manufacturer was contracted to keep making stone knives and bear skins into the Iron Age. So they were almost at the point, if a part breaks, cannibalize the least important launch site to keep the rest going. Two coffee spills from a serious failure.

Fair enough, but:

Without making the effort to understand exactly how they chose the new technology (probably secret anyway), I suspect they've added some new features that fix things that weren't broken. I'm guessing that the new system is networked where the old one wasn't, and this means the new system has a new attack surface which someone gets paid to make "highly-secure".

If the problem was the floppy disks then replace them with SD cards or something and update the computers if they were getting hard to maintain.

 

[Bronzeage]

General Motors kept their UNIX based network in operation through 2015. All communication was by telephone line or satellite links. For about a decade or more, every dealership and General Motors office building had a dish on the roof. I thought it was because they hated Bill Gates, but a GM engineer said they felt it was more secure, simply because Romanian hackers didn't learn UNIX in school.

I didn't really buy it. When GM came out with their Global network which communicated over the internet, it was their own proprietary program, or so they said. That engineer was probably laid off last year, anyway.

 

[fromderinside]

Proprietary corporate culture is the:

A) most direct route to failure.

B) way to silo monopolies

C) secret only to those who have it

D) opportunity for CEO removal

 

[Gun Nut]

Ancient tech isn't going to be vulnerable to modern malware.

Because there were no corrupted files in the floppy years...

The computer in question didn't even have a modern network stack.
It's like a lock picker laughing at the idea that ancient technology can keep him out of a door... until he walks up to the door to find it made out of 10 foot thick solid rock that takes 150 slaves a full day to rotate open.
.. or an expert bank robber that knows everything about physical security, iron vaults, steel safes .. trying to steal a bit coin.
Maybe he can find a taxi cab driver to take him to the internet so he can break in with a sledge hammer. Simple smash and grab.

 

[fromderinside]

Wow. We've gone from obsolescence to uninformed view of technology. I think smash and grab with bitcoin translates into find flaw in algorithm and exploit.

Not the same as gee this old stuff is so old my tools, that is knowledge of algorithms won't work for exploiting it. Turning the scene on its head to you know only new things is different from this is so old the new things can't work with it.

 

[Gun Nut]

Wow. We've gone from obsolescence to uninformed view of technology.

to what are you referring?

I think smash and grab with bitcoin translates into find flaw in algorithm and exploit.

no, smash and grab a bitcoin translates into "these old attacks are incompatible with the new targets".
More like "you're using an abacus to find the sum of 1.2 billion numbers... good fucking luck, see you next millenia when you're 10% done with that"

Not the same as gee this old stuff is so old my tools, that is knowledge of algorithms won't work for exploiting it. Turning the scene on its head to you know only new things is different from this is so old the new things can't work with it.

does not parse with what you are responding to. I suspect this may be a nitpic on the analogy so small as to be undetectable by a reasonable person.

 

[fromderinside]

I like this:

https://www.youtube.com/watch?v=xCHab0dNnj4

The entire cryptocurrency and blockchain ecology is rife with frauds, criminalities, and tulip-mania style hype and needs to be properly disposed of into the ashes of history. A “blockchain” is just a horribly inefficient append-only file which costs a literal fortune to secure without actually providing meaningful distributed trust, while cryptocurrencies are provably inferior than actual currencies for legal real world transactions. Beyond the sheer uselessness have emerged a whole host of bad ideas, ranging from the “put a bird^H^H^H^H blockchain on it” hype to unregistered (and mostly fraudulent) securities with “Initial Coin Offerings” to an invitation for massive theft in the form of “smart” contracts.

It is time for those ideas to die.The first step to disrupting this space is simply knowledge. This talk begins with a summary of why just about the entire space is effectively useless at best and downright malevolent at worst. But there is also room for targeted responses. There are opportunities for criminals to greatly step up their activity in ways that will result in massive profits to them but have the collateral effect of disrupting the underlying cryptocurrencies. On the legal front, governments already have sufficient legal authorities needed to effectively cripple the cryptocurrencies and even independent actors willing to spend a moderate sum of money can trivially and legally disrupt blockchain-based cryptocurrencies on a global basis.

Nicholas Weaver is a staff researcher with the International Computer Science Institute (ICSI) and lecturer in EECS, where he teaches machine structures and computer security. He earned his Ph.D. in computer science from Berkeley in 2003 and joined ICSI to study network security and measurement.