While the media has been getting itself worked up about the fact that American UAVs have broadcast video streams over unencrypted communications channels for years now, some in the military are taking a more nuanced approach to what battlefield data must be super secure.
Three years ago, news broke that insurgents in Iraq were able to watch UAV video feeds by using cheap software. This came more than a decade after video feeds from the MQ-1 Predator UAVs' first combat missions over the Balkans were inadvertently broadcast on local TV sets. And let's not forget the small frenzy that occurred when it was reported that a virus was recording keystrokes at U.S. Air Force drone command centers in 2011.
Some have dismissed the utility of hacking a drone feed without knowing exactly which aircraft's video is being looked at -- and therefore having the ability to warn potential targets. Others have a different take on this.
However, in light of ever-evolving cyber threats aimed at stealing as much data from -- well, everyone -- as possible, the Army is seeking to triage threats to its networks. What does this mean? It means figuring out what information warrants the significant investment in technology, time, and money required to protect it from hackers and what information will be useless if hacked. The latter is called perishable data, and in some cases it includes things like voice communications during a firefight. While this data would be encrypted against hacking by the enemy actually fighting U.S. forces, it wouldn't need to be hardened against hackers with advanced code-breaking abilities because by the time they tapped into the data and analyzed it, the fight would be over and the data useless.
"We recently made a big decision that's reducing a lot of our costs [and that] is going to [National Security Agency] Type 2 encryption for our push to talk radios at the tactical edge," said the U.S. Army's chief information officer, Lt. Gen. Susan Lawrence during a speech at the Association of the U.S. Army's annual conference in Washington last week. "We realized, did we really need full Type 1 encryption all the way to the dismounted soldier? No."
(Type 2 encryption is commonly used by the military to transmit sensitive but unclassified information.)
Lawrence's comments reflect the growing view among U.S. military commanders that it will be impossible to protect all of its networks and all the data on the networks. Therefore, the most important information must be heavily guarded against theft or corruption. and it must be kept on a network that is resilient enough to operate even while under attack.
"We can't protect all our networks . . . so it's more about the defense of our data. It's about the data, where do you put the information and the data, where should it reside so we can protect it," said Lawrence.