05/29/2018
US Army Military Auxiliary Radio System (MARS[1]) Headquarters is recommending that MARS members "migrate to stand-alone computer systems for [MARS] radio operations," subject to the availability of a dedicated computer.
"These computer systems (or their associated local area networks) should be 'air-gapped' from the internet," Army MARS Headquarters Operations Officer David McGinnis, K7UXO, said in a message to members. "Although not a requirement for membership at this time, we will continue make this a condition of certain parts of our exercises."
McGinnis pointed to remarks by Cisco researchers in a recent Ars Technica article[2] about VPNFilter malware: "Hackers possibly working for an advanced nation have infected more than 500,000 home and small-office routers around the world with malware that can be used to collect communications, launch attacks on others, and permanently destroy the devices with a single command."
McGinnis told Army MARS members that MARS Headquarters does not discuss specific cyber threats with MARS members or with the public. "We also cannot confirm or deny information about specific threats," he said, adding that he had "no specific knowledge" about VPNFilter malware and no comment on the Cisco report.
For communication exercises this year, MARS established conditions for a certain portion of the drill that requires use of standalone computer systems "normally not connected to the internet."
MARS member and software consultant Steve Hajducek, N2CKH, has recommend that members using the MIL-STD (military standard) Data Modem Terminal (MS-DMT) communications software employ stand-alone computers in conjunction with the software as a best practice for achieving a high level of performance. McGinnis said discussion of stand-alone computer systems on Hadjuceks's support forums and their use in communications exercises let Army MARS Headquarters weigh in on the discussion. He pointed out that the MARS mission assumes that an internet connection is not available. He said used or refurbished PCs are widely available at low cost and could be dedicated to serve a stand-alone function.
"The most effective way to protect against threats that come from the internet is to isolate from the internet," McGinnis added.
"Despite a stand-alone environment, we assume that all computer systems in private citizens' hands are infected with hostile software code of some sort and are not secured," he said. "No amount of virus and malware scanning software changes that assumption. We can, however, isolate computers by disconnecting them from the international network in which hostile software will report and receive instruction."
McGinnis said future versions of MARS software will check for an internet connection and will disable the software. "We understand this lock-out does not provide security in and of itself; rather, its value is in changing the behavior of members," he explained.
He encouraged MARS to monitor for internet security threats and determine how to secure their internet-connected and stand-alone devices.
MARS Program Manager Paul English, WD8DBY, told ARRL that the MARS goal is to isolate MARS members' computers from the internet as much as possible. "Having stand-alone computers running as few other resources than MARS-related software improves the overall MIL-STD system software performance and further isolates computers from infections, malware, and hacking," he said. English added that isolating the computers that members use for MARS-related activity is "a goal, but has not been directed."ÿ ÿÿ
[1]
http://usamars.us/
[2]
https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/?amp=1
---
þ Synchronet þ Whiskey Lover's Amateur Radio BBS