Richard U Wheeler

It turns out that the problems with GPS are bigger than any of us knew about — and that has serious implications about not just GPS, but about the larger cybersecurity debate that is playing out in the Senate this week with the final debate over the revised Cybersecurity Act of 2012.

Last month news broke that a team of researchers from the University of Texas had hijacked a drone by spoofing the GPS used in it’s navigation system. “Spoofing” is a hacking technique that involves fooling a computer into believing that the hacker’s computer is a trusted computer. In this case, the U of T team fooled the drone by sending a signal that pretended to be from satellites in the GPS constellation but contained inaccurate location information — information that would have caused the drone to crash if not for pilot intervention.

Which should worry you not just because GPS helps fly drones but also because none of us know how to get anywhere without it any more.

Read the full post on the Truman National Security Project blog.

It has become a depressing but now familiar pattern: in the space of a week, reports surfaced both that LinkedIn’s mobile app scraped information from users’ mobile devices and stored it on LinkedIn’s servers—without informing it’s users of the practice—and that LinkedIn user passwords had been broken and stolen by hackers since LinkedIn had only lightly encrypted and poorly defended the data. To make matters worse, like many of the similar breaches of recent years, these weren’t discovered or disclosed by LInkedIn but by private security researchers.

There are a number of concerns here, but one of the biggest is that for many workers today LinkedIn has become part of their “critical infrastructure”. It’s used for business development and networking to such a level that it’s unthinkable to remove yourself from the system—even if LinkedIn can’t keep your data safe. And without the pressure of losing users, LinkedIn may have little financial incentive to clean up its security practices. Which leaves users in the position of having to trust that LinkedIn will learn from it’s mistakes—a pretty shaky proposition given recent events.

Read the full post on the Truman National Security Project blog.

The news last month that LightSquared, a company attempting to deliver broadband internet via satellite, had filed for bankruptcy, settled a long-simmering but little noticed debate with far-reaching impacts on militaries, governments, businesses—and plain old folks like you and me.

Why? Because the global positioning system—better known as GPS—industry feared that LightSquared’s technology would interfere with the GPS signal, a service on which the world has become increasingly dependent but which it also takes almost completely taken for granted. The LIghtSquared decision a pretty big deal in and of itself—but it also opens a window into the larger debate on cyber security which is now being argued both inside the Beltway and around the world.

Read the full post on the Truman National Security Project blog.

As the debate on the future of cybersecurity in America continues to heat up, I’d like to take a moment to address one of the critical cybersecurity issues facing our country today:

My mother just bought a smart phone.

Why? Because they are new, and someone else she knows has one, and this person recently asked her if she sends text messages, and apparently this kind of peer pressure works at any age. And also because there was a sale at the Verizon store and like most Americans my mother can’t resist a sale. So despite the fact that my mother had gotten by perfectly well on a 200 minute a month senior plan on a “dumb” phone, she upgraded.

And that’s when the questions started.

Read the full post on the Truman National Security Project blog.

While in-the-loop intelligence and defense insiders have been preaching about the dangers of cyberwar for more than a decade (think Richard Clarke) most of the world is just starting to catch up.

And they are scared.

Because even though it’s great to think about cyberwar when you might be on the winning side (Stuxnet? What’s a Stuxnet?), it’s terrifying when you might be on the losing side (which is maybe why Iran has reportedly taken some of its oil terminals from the internet in the wake of a possible cyberattack). And the problem is that no one seems to know if they are winning or losing.

A major reason for this is that cyberattack, cyberwar, cybercrime—cybereverything—have taken on the character of a modern day Frankenstein monster. This thing called the internet has gotten out of hand, and just like Peter Boyle in Young Frankenstein, once its done tap dancing we want to hunt it down with pitchforks.

Read the full post on the Truman National Security Project blog.