The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.
Computer Virus Hits U.S. Drone Fleet by Noah Shachtman for Wired.
More than likely this outbreak is as a result of the military’s entitlement culture, whereby senior leadership and certain organizations believe they are above following the rules set forth by USCYBERCOM. When those who are most at risk of being targeted for attack are not adhering to sound security practices these things will happen.
The only bright shining spot is reading that host-based security system (HBSS) detected the malware. Although, if configured and implemented properly, HBSS should have not only detected but prevented the malware from being installed. Using a layered defense approach at the workstation layer should have also prevented the outbreak from happening.
But again, this points back to the entitlement culture. Many DoD system administrators falsely believe their systems should be waived from adhering to published security directives ostensible because the security controls prevent these mission critical applications from performing their required functions. Rather than work with the network security staff to work through functionality issues, these system administrators cut corners, putting not only their own network but the entire DoD GIG at risk.
When is DoD going to learn to say no? USCYBERCOM was supposedly commissioned to do just that. Unfortunately it appears as if this is just more of the same.
39 notes
-
coffeebugg reblogged this from jark
-
jark posted this
