Hacked Drones New Wake-Up Call for Enterprises - Page 2

Page 2 of 2

A bottoms-up approach to security

Embracing and encouraging technologies such as virtualization, cloud computing, mobile devices and, especially, Web 2.0 tools such as social networking applications, blogs and wikis, are creating new security concerns for enterprises that require a bottom-up approach to security, analysts said.

"Organizations need to spend time to clearly understand their risk posture," Dwayne Melancon, vice president of configuration assessment and change auditing software maker Tripwire, said in an e-mail to InternetNews.com. "It's often the little things' that compromise security such as, in the case of the drones, transmitting sensitive data 'in the clear' where others can gain uncontrolled access to it."

A recent study, conducted jointly by Traverse City, Mich. security researcher Ponemon Institute and CA, found that 79 percent of enterprise CIOs predict that the increasingly reliance on collaboration tools will significantly increase the amount of unstructured and sensitive data that is not adequately protected or secured.

"In this day and age, the person who intercepts the data might not even care and might not even be evil," Pescatore said. "He might pass it along inadvertently or on purpose. It's not that expensive to turn encryption on for these wireless systems. It's definitely more expensive to try to do after the fact."

The blogosphere weighs in

Reaction to the hacked drones on the NowPublic Newsroom blog ranged from shock to dispassion.

"How overblown," someone with the moniker "SVJJ" wrote on the blog. "So you see the satellite feed. Whatcha gonna do about it? In the desert, there are no obvious landmarks…and if you do see a landmark, what are you gonna do then? Smile at the satellite before being blown to smithereens within seconds?"

Others were more disturbed by the security breach.

"Even if you didn't have [SkyGrabber], there are fairly simple ways [to intercept the video feeds] with slightly modified receivers," wrote a contributor identifying himself as Steve Packard. "I'm floored that the pentagon would ever even consider sending video without the most basic security of any kind. DirecTV has a more secure signal than this!"

Pentagon officials said they first became aware of the security breach last year after apprehending a Shi'ite insurgent who had digital files of drone video feeds on his laptop. More files were found on other militants' laptops in July.

While this particular security hole has finally been filled, analysts said the ramifications of such an embarrassing breach will surely impact an organization's relationship with the public, its customers and its business partners.

"External perception of how you manage risk is a big deal whether governments or businesses are involved," Melancon said. "When word gets out that you knew about a problem but haven't been quick to resolve it, it often degrades public confidence in your ability to manage other risks."

(Predator photo courtesy of Reuters.)