Military develops firewall appliance for battlefield networks.

14 November 2007

Following battlefield tales that Hezbollah had compromised the IDF communications network during operations in Lebanon last year, defense contractors have developed Meshnet, a hardware and software firewall appliance to protect the data networks of battlefield equipment, on the chance that someone would figure out how to infect them with malicious agents of some sort in the near future. Meshnet is supposedly based upon the Sidewinder Security Appliance from Secure Computing, but includes specialized hardware that deals with the network protocols and connection gear used in the control systems of tanks, armored personnel carriers, or what have you, along with anti-spyware and antivirus software. They've probably stepped up the development of such a device because a lot of gear in the field uses COTS (Commercial, Off The Shelf) hardware and software to accelerate development and reduce production cost. Why spend hundreds of millions of dollars to develop something entirely new, so the reasoning goes, when you can spend tens of millions of dollars to assemble a device from commodity components and known and documented software?

There's a downside to using COTS components in military gear, though: If it's on the open market, chances are someone's been finding vulnerabilities to exploit in it, and the bugs in a desktop copy of Windows XP and a copy of XP running in a networked backpack computer in the Middle East are probably the same. There is also the hazard of outsourcing the development of military combat software to software development companies overseas: the code you get back could contain backdoors, boobytraps, or other logic bombs that could be remotely exploited by the other side (or whomever the development company sells knowledge of the logic bombs to). Or, there's always the possibility that the PDA issued to someone in the field was used to browse a porn site the last time they were off duty (don't laugh, it's happened) and the device wound up infected with an exotic form of poorly written malware that causes the device to malfunction. It's a paranoid thought, to be sure, but stranger things have happened, and the last thing anyone wants is a semi-autonomous drone aircraft going haywire and crashing headlong onto a military base in Iraq. It's all too possible.

What gets me about these articles is this: By designing a firewall/antivirus/anti-malware fitting for military field equipment, there is a strong implication that a) it is possible to connect foreign data storage media into the command mechanisms of said equipment (which is a huge no-no whenever the DoD is involved), and that b) it is possible to directly access the command mechanisms of said equipment via the communications module. Or, to use my generation's metaphor for this sort of thing, they put a modem on the computer at NORAD that could start World War III, and a high school kid cracked it. It would be a horribly dangerous thing if someone did just that - hooked the radios directly into the navigational or weapons systems, providing a direct route of compromise into things that no one outside of the cockpit should have access to.

One could further postulate that requiring such a device to protect the internal command network of (for example) an M1 Abrams tank means that they don't have tight administrative control over their equipment. If you don't want people putting data onto or taking it off of your systems, control the access ports: Take out the floppy and CD-ROM drives and superglue the USB ports shut, as well as configuring the network-aware software to disallow ad-hoc data transfers. Or, don't even get equipment that has those I/O devices to begin with - you'd be hard pressed to make a convincing argument to a military engineer that you really needed a miniature all-in-one memory card reader in a helicopter. If you don't want outside attackers messing with your data while it's in transit, strongly authenticate all connection attempts and encrypt the traffic. In other words, I don't like what this is suggesting.
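To make the "strongly authenticate all connection attempts" point concrete, here is an added example (not code from the post or from Meshnet) of a default-deny gate in front of a command network: a mutual challenge-response handshake with a per-device pre-shared key, where unknown devices, wrong keys and replayed responses are all rejected. The device names and keys are constructed for the example; encryption of the traffic that follows (TLS, for instance) is a separate step not shown here.

```python
import hashlib
import hmac
import secrets

# Constructed registry of pre-shared keys (hypothetical device names, keys generated at start-up).
DEVICE_KEYS = {
    b"vehicle-07-nav": secrets.token_bytes(32),
    b"vehicle-07-radio": secrets.token_bytes(32),
}

def tag(key, role, device_id, nonce):
    # The role label binds the direction, so a tag reflected back by an attacker
    # cannot answer the other side's challenge.
    return hmac.new(key, role + b"|" + device_id + b"|" + nonce, hashlib.sha256).digest()

class Gate:
    """Default-deny gate: only a fresh, correctly keyed reply is accepted."""
    def __init__(self, keys):
        self.keys = keys
        self.pending = {}  # device_id -> outstanding challenge nonce (single use)

    def challenge(self, device_id):
        nonce = secrets.token_bytes(16)
        self.pending[device_id] = nonce
        return nonce

    def verify(self, device_id, response, client_nonce):
        nonce = self.pending.pop(device_id, None)  # consumed whether or not it verifies
        key = self.keys.get(device_id)
        if nonce is None or key is None:
            return None  # no outstanding challenge, or unregistered device: deny
        if not hmac.compare_digest(tag(key, b"client", device_id, nonce), response):
            return None  # wrong key or stale/replayed response: deny
        # Mutual step: prove to the client that the gate holds the same key.
        return tag(key, b"gate", device_id, client_nonce)

def connect(gate, device_id, key, replayed_response=None):
    """Client side of the exchange; True only if both sides authenticate.
    replayed_response lets a test feed in a captured response from an earlier session."""
    server_nonce = gate.challenge(device_id)
    client_nonce = secrets.token_bytes(16)
    if replayed_response is None:
        response = tag(key, b"client", device_id, server_nonce)
    else:
        response = replayed_response
    proof = gate.verify(device_id, response, client_nonce)
    if proof is None:
        return False
    return hmac.compare_digest(tag(key, b"gate", device_id, client_nonce), proof)
```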

It is also entirely possible, I hasten to add in the interest of fullness (as if a topic such as this could be discussed in its entirety in a single post) that this is a belt-and-suspenders countermeasure: The specifics of the technologies protecting military C&C (Command and Control) are classified, and this is one more defensive measure that would have to be overcome in the event of a security compromise, part of a strategy called defense in depth by the information security industry.

I really hope that I'm just wondering idly, and that some of the bad scenarios up there really won't come to pass because someone in a lab someplace knew better.