Why? Because the level of skill required to crack a Unix-like OS is much higher than that needed for a Microsoft OS. Further, properly configured Unix-like systems are much more robust than Microsoft systems. Were Military forces using properly configured and properly secured Unix or Linux systems we would not see items like these below being reported.
I just had a, “What were they thinking?!”, moment while reading this article at ars technica: Computer virus hits US Predator and Reaper drone fleet. First, it is not a “computer virus”, it is a Microsoft operating system virus. Second, using Microsoft operating systems for any critical Military computer systems is just wrong. I know the US Military has specifications for rugged computer systems that must be made in the USA. That makes sense. What does not make sense is the fact that the US Military will accept Microsoft operating systems on its critical, sensitive hardware at this date in time. That is like specifying a bank vault that can withstand a nearby nuclear blast, but allowing the builder to install a screen door for access to the vault. It is just a Bad Idea!
This was a deja vu moment as well. I was following news about Military systems back in the 1990′s and had a similar experience when I read about the US Navy “smart ship” running Microsoft Windows NT … and having a ship killing system failure: Software glitches leave Navy Smart Ship dead in the water. I completely agreed with Ron Redman, deputy technical director of the Fleet Introduction Division of the Aegis Program Executive Office, at the time when he stated:
“Unix is a better system for control of equipment and machinery, whereas NT is a better system for the transfer of information and data. NT has never been fully refined and there are times when we have had shutdowns that resulted from NT.” … and … “Because of politics, some things are being forced on us that without political pressure we might not do, like Windows NT,” Redman said. “If it were up to me I probably would not have used Windows NT in this particular application. If we used Unix, we would have a system that has less of a tendency to go down.”
Actually, after re-reading that, I disagree that NT, or any Microsoft OS, was or is “a better system for the transfer of information and data” when compared to a Unix-like OS. I would use Linux for that too. Especially in a critical Military system like a “smart ship” or a drone control center. Frankly I do use Linux for operational security and the secure transfer of information and data in my own small business. I thank God that I do not have to succumb to political pressure forcing me to use a Microsoft OS for my business. It seems to me, if I can figure out how to implement Linux for my personal and business use, surely the US Military can do the same for its critical systems infrastructure. Obviously some people in the Military “get it” when it comes down to what system is best for critical control systems. Now if only the Microsoft lobbyists can be shut down from affecting the decisions as to what systems are best for the US Military.
Microsoft still makes a decent gaming operating system. But that is about the sum total for which I would agree a Microsoft system should be used. Even there I am agreeing reluctantly only because the majority of current PC game development targets the Microsoft OS.
Hey, US Military folk and US Senators with military oversight, if it has to be from the USA, ever hear of Red Hat Linux? How about the US NSA’s own Security-Enhanced Linux? Perhaps it is time for you folk to rethink the requirements for Military computing systems and make one of these Linux operating systems part of the requirement. Or take the Linux kernel source code and use your own internal Military IT staff and programmers to collaborate and build a custom system just for Military use. Any of these would be a better option than relying on a “known to be owned” OS like any of those from Microsoft. I will be glad to introduce you to Linux if you want to pay me for a Linux consultation. Just sayin’ …
Discuss this article at:
Edit Sat Oct 8 20:57:30 CDT 2011: Due to a salient observation elsewhere, change “pwn” to crack in the first paragraph.
Hi. The Army is well aware of Linux, and I can tell you the commanding general of the Army’s Research, Development and Engineering Command has long experience with Linux and Red Hat. I’ve also talked to some folks at our High Performance Computing lab who are Linux users, both at work and at home. I’m presently the public affairs officer for the command, and I’m posting this from within Arch Linux running on a MacBook Pro (it’s my personal machine).
All that said, RDECOM does not create every system the Army uses. It works with hundreds of partners in academia, industry and foreign countries to get the best technology for our Soldiers. As you know, we’ve been fighting two wars for quite a while now, and we have a lot of systems using a lot of different kinds of technology. The mission is to get capabilities to the field where and when Soldiers need them. Some do, indeed, use open source software. Some use commercial software. All help make our Army the most technologically advanced in the world.
I invite you to visit our web site or our blog, http://armytechnology.armylive.dodlive.mil/. We’re also on Facebook, Twitter, YouTube and other sites. Our primary social media guy is in training for a few weeks, so it might be a bit slow, but keep checking back to see what the Army is up to.
Hi Joe,
I was tempted to write “Hi G.I. Joe”, but that would have been trite.
Thanks for the comment and the URL. I and others will likely take you up on your offer to follow along on the US Army web log, etcetera. I am not a “social media” kind-of guy, but I will read the occasional blog post. Anyway, keep up the good work. Again, thanks for dropping in.
For the record, to those individuals in “the military” who wince at the use of “the military” to lump all divisions together. I am fully aware of the separate divisions of the US Military. I am also aware that many decisions about technology are made in each division separately. I simply contend that no critical military system in any division should be running a Microsoft OS at this time in history. Microsoft has a proven track record of its operating systems being suborned over and over. They should not be used in sensitive, critical systems, period.
Added later: My curiosity being piqued by Joe from The Army (above), I spent some time web searching for Linux in military hands. I found some articles:
The Air Force’s secure Linux distribution
Open-source use goes unmeasured, unchecked – “The military branch was already using Linux and other open-source applications in 75% of its divisions, and in half of those, open-source use had already reached mission-critical status.”
Only one-third of agencies pass the Federal Open Technology Report Card – However the DoD is part of that one-third.
I looked around at some of the most stunning (in the sense of disappointing) news about how Windows has produced a major problem and found out one that is pretty saddening cause it involves lives.
You remember the Spanair plane crash that happened about a couple of years ago in Barajas Airport in Spain? It was reported (or rather, gossiped) that a computer involved in checking the plane had been compromised with malware. After revisiting the information available about the crash, the affected computer is a central node where alarms from planes are processed. If a plane (or a system in a plane) reports 3 alarms, it is sent for revision…. well… this is the system that failed to check for the 3-alarm report which I assume had already been sent from the plane. Had the computer been working correctly, the crash could have been avoided. How about that?
http://www.elpais.com/articulo/espana/ordenador/Spanair/anotaba/fallos/aviones/tenia/virus/elpepiesp/20100820elpepinac_11/Tes
Or its translation (thanks go to google… hope the link works):
http://translate.google.com/translate?sl=es&tl=en&js=n&prev=_t&hl=es&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.elpais.com%2Farticulo%2Fespana%2Fordenador%2FSpanair%2Fanotaba%2Ffallos%2Faviones%2Ftenia%2Fvirus%2Felpepiesp%2F20100820elpepinac_11%2FTes
The original article was published by Wired.com, not ars technica:
http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/
No, they shouldn’t be using Linux. They should b using a real-time operating system. Linux is just no good enough for that application.
Shawn, will you please share your real-time operating systems?
Linux does in fact have a real time kernel. I have compiled and used it in dozens of audio applications which require a real time kernel, such as live effects processing and video mixing.
Since the Real-Time part relies only on the kernel and the application that needs RT status, it is as simple as replacing just the kernel and writing and compiling the application. All other aspects of the operating system (office software, TCP/IP stack, etc.) are the same.
I strongly agree.
Don’t worry for military linux users, they are aware of linux advantages as many combat systems use Red Hat to lead radars, weapons systems, sensors…
Regarding Debian, it is perfect for remote controlled vehicles as shown in the following website:
http://paparazzi.enac.fr/wiki/Main_Page
The drawback is that everybody can use such a system for ANY purpose…
I don’t think that linux is good enough for some of these applications. A formally proven real-time kernel or formally proven microkernel like L4 should be the only sort of systems allowed to touch the bare metal of military weapons. Linux is probably good enough for command and control, and is certainly better than some other popular OS’s.
For those of you wondering, like I did, “What is L4?”, here is a URL: http://l4hq.org/ Unfortunately the FAQ off that site appears to be broken. There is enough information on the site to get an idea about what L4 kernels are anyway.
The problem for using Linux or Windows really boils down to middle and upper level leaders are used to Windows. They know how to get a letter to print and whatnot. It’s all about familiarity, not strategic thinking. That’s how things get set up that way. The switch, whether military command or the local school district, gets bogged down with “well it will cost us this much more for training”. Fear of the unknown holds it all back, which is amazing given their training for courage under fire. How many iPhones are being used by the Divisions now? Somehow the same command avoiding Linux got a “linux-like” phone OS to do what they want/need…
No they should not use Linux. They should continue using Windows for as long as possible.
What I think is even more unbelievable than the American military trusting their systems to Windows software is that the Iranians, after building their nuclear plant in the teeth of American opposition, used dodgy American software to control their centrifuges and left themselves wide open to the CIA Stuxnet attack. If ever there was a ‘what were they thinking’ moment ….