The military still use bolts! And screws! And I bet if you look really hard you can find a copper wire! Some of these things are hundreds of years old!
If it works, why change it? So long as they can find a supplier of new floppy disks for the data, it seems pretty reasonable to me (and given they're nuclear missiles, a few dozen grand per disc really doesn't seem that bad). Now if there are no more suppliers of those disks at all, and no way to read/write to them (at all), then we should start being a bit more concerned.
You can buy a USB floppy drive off Amazon for $15 and a 10 pack of floppies for $10. Surprisingly the disk drive is recognized on Mac OS X and ticks away like a champ.
I saw that talk! A bit slow at starting up, but really not any worse than a few seconds of high network latency, and then your web app basically worked like a champ.
I'm wondering if it works better than current technology. If the old tech is more stable and easier to upkeep than upgrading to a modern system, then power to them. I suspect it's more of a priorities thing where the DoD would rather throw money at drones or a cyber unit than on nuclear weapon systems since those are more relevant to today's world.
These systems are designed to do one thing and do it well, without error. They have been in place a long time. Because they are old does not mean they are not secure. Much like the Apollo mission computers are often quoted as being "less powerful than a calculator" does not mean that they do not work. Many military computers are not impressive from a hardware standpoint because they don't have to be.
Or said another way: NASA can go to the moon on hardware less powerful than a calculator. What kind of specs does the latest photo sharing app take to run?
Well before the launch codes were FORCED onto the generals, there were supposedly about a dozen generals who could launch nukes on their own without specific authorization from the POTUS.
Understand this was allowed initially in case POTUS was incapacitated or cut off from communication but still...
Phew. If they "upgraded" these things so they would work "in the cloud" or whatever then I'd be concerned. I certainly don't want to see a story about how generals can now launch the missiles from an iPhone app.
Doesn't have to be in the cloud to have USB and thumb drives. I'm not sure it makes sense to use 8-in floppy drives.
EDIT: What happens when a drive dies? There just aren't a lot of new 8-in drives to be had, I don't think. Do we have a special supplier that sells them for 10k each?
Assume that a ridiculous amount of effort went into designing and testing this device, and that this 8in drive is connected to devices that will not have an sd-card reader or USB controller available for $5 off eBay.
It might just be cheaper to buy 100 8in drives for 10k each, instead of upgrading the control systems to use thumb-drives. You'll also have to do all the paperwork to change documentation from "insert Top-Secret launch diskette into drive" to "put Top-Secret micro-sd card into the top-secret-launch-diskette-substitute-reader-assembly (TSLDSRA)".
Security through obscurity? Old technology and keeping disconnected from the Internet are probably decent additional security measures, although they shouldn't rely on it. Like the article says though, we still want these computers to be new enough to actually work.
"Old technology and keeping disconnected from the Internet are probably decent additional security measures, although they shouldn't rely on it."
It's called an airgap, and is easily the most effective countermeasure to cyber attacks, and, in conjunction with physical security and careful 2-man control/people management, should certainly be relied on.
The airgap technique didn't work so well for the Iranians. Stuxnet was designed to jump gaps via USB keys. Luckily, 8" floppies don't have enough capacity for a virus.
Assuming you have an impenetrable perimeter is a common reason for failing to secure the interior of a network. i.e. "It doesn't matter if we use Windows XP/don't patch things/don't use encryption because it's airgapped." Then, once someone does breach your impenetrable perimeter (through an insider, side-channel, whatever), the whole thing falls.
So yes, a network designed with the assumption that it will be constantly barraged with attacks is probably more secure than one designed by people who (subconsciously or not) discount the possibility of malicious traffic ever occurring.
It's a common meme - back in 1999, when I was running IT in a startup, a lot of the recent engineers who had come from Stanford were offended by our firewall. Their claim was that our network should not have a firewall rule, because, by having a firewall, we believed that we were somehow "less vulnerable" than if we had no firewall, and that if we eliminated the firewall, then all of our servers, desktops, etc... would be secured, and, if someone were to get inside our network, they would not have any advantage.
The reality is that you want to do both - have a rock solid firewall, and secure your internal servers.
In the case of a Nuclear Missile Silo, I'd like to believe that as much as possible was run with switches, dials, and manual controls which require physically penetrating the perimeter of the silo, and having all sorts of advanced credentials, procedures, and codes to actually accomplish anything. (Said PAL codes being supplied by the President or their designate).
Stuxnet also targeted more recent machines/networks. It'd be far harder to convince Lt. Smith to insert an arbitrary 8" floppy disk into their TS work computer than a USB drive.
Not everyday you see a Top Secret sticker flashed on national television. I bet there are 20 intelligence organizations trying to read the label on that floppy disk.
> I read somewhere that they had to resort to buying them on eBay in the specific binning/stepping cause they were no longer made by the mfg
This wouldn't surprise me. A friend was working on a defense project, an avionics system. In their test/development lab they had the hardware itself, same as what's in the aircraft (an F-??, 16 probably). The display died. They couldn't do anything with it. They ended up having to contract with someone to set up the manufacturing process and conduct a one-time production run. The damn displays pushed 6-figures in cost each.
Unfortunately, modernizing these systems isn't as easy as just hooking up a modern LCD/LED display; minimally they'll have to insert some new circuit to sit between the display controller and the incompatible display to do translation. That means one more part that has to be developed with a maintenance plan set up, testing and certification done. It's kind of sad that spending close to $100k for a 6" display is cheaper than moving to a new display that would likely cost much less in the long run.
What's up with people trying to decide what budgets of these things should be? If we're really so capable of doing back of the envelope calculations on things like "how much should I spend on maintaining nuclear silos?" why don't we just cut out all the representatives, budgeting offices, inspectors, financial planners, et al and set up a direct democracy?
Sarcasm aside, I don't know fuck all about nuclear silos let alone what say $19 million or $400 million would be used for in regards to them. So perhaps you can build your credibility on this matter some so your comment matters?
Not trying to rant but this reminds me of Paul Graham on the WhatsApp deal. He said something along the lines of: "When I hear Facebook says it's buying WhatsApp for 16 billion, I think 'oh so that's what WhatsApp is worth', like the Federal Reserve giving inflation numbers." But our community of expert HN company appraisers was quick to try to bash Facebook over their valuation.
If it's not broken, don't fix it...and make it vulnerable to Heartbleed (yes, I know the article states these systems are not connected to the internet).
On the other hand, these systems should be non-attackable via Stuxnet as USB is quite a deal younger than Floppy and I don't believe Floppies can autorun (correct me here please),
And contrary to the opinions of the General are probably massively insecure because they were invented in a time before Aleph One's famous paper even came out.
Imagine a system so insecure that it will execute whatever the operator has on a floppy disk with full root permissions.
But something you really really want ... even 30 minutes after launch. You do not want a bang when you were expecting silence, nor silence when you were expecting a bang.
One would hope so. "Command And Control" is worth a read; it reviews the history of nuclear weapons, focusing mostly on their safety record. (Spoiler alert: it's bad.)
> Why would the US launch an ICBM from within its borders when it can launch shorter range ballistic missiles from nearly anywhere in the world?
In principle, accuracy: the depressed trajectories you're thinking of tend not to be the most accurate. If you happen to NOT be fighting a full-on nuclear war, and you're just launching one for some kind of military purpose, you'll probably want to launch from land to avoid giving away the position of one of your subs.
> Less time for the enemy to react, less chance of it being known who launched the missile, less chance of the enemy detecting the launch.
You'd really have to reach to come up with a scenario where the United States launched a ballistic missile and did not want anyone to know it had done so. In the absence of a nuclear war, you're going to be dealing with the opposite problem when launching an ICBM: making sure everyone knows what the US is doing so they don't freak out about it.
All the states capable of detecting a launch could pretty well figure out who had launched from a ballistic submarine, in any case.