As I wrote over at the Windy, this is the most important component of the Wall Street Journal’s blockbuster story about how a $25.95 off-the-shelf hack is allowing insurgents to see video from U.S. drones:
The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn’t know how to exploit it, the officials said.
Arrogance like this gets people killed. Reading back through some of the classic texts of the Defense Transformation/RMA era, you saw a rather keen understanding of how the rapidity and accordant widespread availability of military-relevant technology was leveling the potency of traditional U.S.-favorable asymmetries. But the answer on offer was to prop those asymmetries back up, rather than ask the implications of what an insurgent could do with off-the-shelf GPS. Noah Shachtman, in my view, wrote the definitive piece about this mistake.
A proper respect for the capabilities and the intelligence and the resilience of human beings across cultures is the best remedy. But it’s the hardest one to absorb, as that glaring warning in the Wall Street Journal demonstrates. I don’t want to be too hysterical here, or to take too panoramic a view. But the longer and harder you absorb that respect, the harder it is to launch a war. The good and decent people involved in, yes, the defense industries have to fight that structural asymmetry as well, before people needlessly die.
Update: Speaking of Noah…
Tapping into drones’ video feeds was just the start. The U.S. military’s primary system for bringing overhead surveillance down to soldiers and marines is also vulnerable to electronic interception, multiple military sources tell Danger Room. Which means militants have the ability to see through the eyes of all kinds of combat aircraft — from traditional fighters and bombers to unmanned spy planes. The problem is in the process of being addressed. But for now, an already-enormous security breach is even larger than previously thought.