Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


MIT: Underwater to Atmosphere Radio Communications Perfected

September 10, 2018 by Marc Handelman in Communications, Submarine Communications, Science, Submarines, Military Communications, Must Read, Electromagnetic Waves, Electrical Engineering, Electronic Warfare, Electronics in Warfare, Electromagnetic Spectrum

Incroyable! Massachusetts Institute of Technology researchers have developed what could very well be the 'holy grail' of submarine-to-surface communications. Monikered TARF, the system ostensibly converts SONAR to RADAR with no mid-processing steps required. Absolutely superb work, and today's Must Read.


Global Repositioning →

August 15, 2016 by Marc Handelman in All is Information, Electronics in Warfare, GPS Security, GIS Security, Information Security

Via Mark Psiaki, Ph.D. and Todd Humphreys, Ph.D., writing at IEEE Spectrum, comes this superlative piece on GPS spoofing, and the effects thereof. Today's Must Read.


Project West Ford →

March 29, 2016 by Marc Handelman in All is Information, Communications, Electrical Engineering, Electronics in Warfare, Signals

Absolutely Astounding... Project West Ford. I'll let the video speak for itself.


FAA Systems Found Vulnerable to Attack, GAO Reports

March 10, 2015 by Marc Handelman in All is Information, Common Sense, Compute Infrastructure, Electronics in Warfare, Government, Governance, Information Security, Navigation, Network Security, Persistent Threats, National Security, Transportation Security

News, via The Washington Post's Ashley Halsey III, of significant information security issues at the Federal Aviation Agency. In this case, the Government Accountability Office has published a new report entitled "FAA Needs to Address Weaknesses in Air Traffic Control Systems," detailing significant shortcomings in the agency's capability to fend off electronic attacks.

The GAO report facts speak volumes: The FAA has failed to fully implement the planned, 'agency-wide' information security program. The failure to implement and deploy is a tell-tale of questionable competency within the Agency's information security management, whose duty and primary task is protecting the National Airspace System (aka NAS), which should be the core competency of the FAA.

Time for a change at the FAA? Probably; however, the issue of foot-dragging is deeply systemic at the Agency: witness the multi-year effort to implement the FAA's Next Generation Air Transportation System (aka NextGen). Any change will most likely be accomplished over decades, rather than single digit years... After all, that thirteen years post-FISMA the Agency has not yet implemented and deployed the mandated FISMA requirements is, in a word, astonishing.

Now, focusing on the issues, we turn to the GAO-discovered challenges the FAA faces (a statement from the GAO appears below, and is a direct excerpt from the published report). Read it, my fellow citizens, and weep.

"While the Federal Aviation Administration (FAA) has taken steps to protect its air traffic control systems from cyber-based and other threats, significant security control weaknesses remain, threatening the agency's ability to ensure the safe and uninterrupted operation of the national airspace system (NAS). These include weaknesses in controls intended to prevent, limit, and detect unauthorized access to computer resources, such as controls for protecting system boundaries, identifying and authenticating users, authorizing users to access systems, encrypting sensitive data, and auditing and monitoring activity on FAA's systems. Additionally, shortcomings in boundary protection controls between less-secure systems and the operational NAS environment increase the risk from these weaknesses.

FAA also did not fully implement its agency-wide information security program. As required by the Federal Information Security Management Act of 2002, federal agencies should implement a security program that provides a framework for implementing controls at the agency. However, FAA's implementation of its security program was incomplete. For example, it did not always sufficiently test security controls to determine that they were operating as intended; resolve identified security weaknesses in a timely fashion; or complete or adequately test plans for restoring system operations in the event of a disruption or disaster. Additionally, the group responsible for incident detection and response for NAS systems did not have sufficient access to security logs or network sensors on the operational network, limiting FAA's ability to detect and respond to security incidents affecting its mission-critical systems.

The weaknesses in FAA's security controls and implementation of its security program existed, in part, because FAA had not fully established an integrated, organization-wide approach to managing information security risk that is aligned with its mission. National Institute of Standards and Technology guidance calls for agencies to establish and implement a security governance structure, an executive-level risk management function, and a risk management strategy in order to manage risk to their systems and information. FAA has established a Cyber Security Steering Committee to provide an agency-wide risk management function. However, it has not fully established the governance structure and practices to ensure that its information security decisions are aligned with its mission. For example, it has not (1) clearly established roles and responsibilities for information security for the NAS or (2) updated its information security strategic plan to reflect significant changes in the NAS environment, such as increased reliance on computer networks.

Until FAA effectively implements security controls, establishes stronger agency-wide information security risk management processes, fully implements its NAS information security program, and ensures that remedial actions are addressed in a timely manner, the weaknesses GAO identified are likely to continue, placing the safe and uninterrupted operation of the nation's air traffic control system at increased and unnecessary risk." via the United States Government Accountability Office Report "FAA Needs to Address Weaknesses in Air Traffic Control Systems"


The Sleeper Awakens by Giovanino, DeviantArt

The Sleeper Awakens →

January 20, 2015 by Marc Handelman in All is Information, DARPA, Data Security, Disruptive Technologies, Electronics in Warfare, Information Security, Internet, Network Security, Web Security, Vulnerabilities, Cyberwar

Evidence, via George I. Seffers, of indications that the United States Department of Defense has awoken to the realization that with nearly ubiquitous connectivity comes potentially lethal levels of vulnerability, leading to in extremis scenarios.


Train Like You Will Fight, No Electronics →

October 16, 2014 by Marc Handelman in All is Information, Ancillary Equipment, Freedom, Government, Information Security, Intelligence, US Marine Corps, US Armed Forces, Security, Physical Security, National Security, Electronics in Warfare, EMP

Because, you will, me-buck-o, be-a war fighting sans guerre électronique...
