Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
The Military Businesses Government IBM Microsoft Operating Systems Privacy Security Software United States IT News Build Hardware Technology

US Military Uses 8-Inch Floppy Disks To Coordinate Nuclear Force Operations (cnbc.com) 267

An anonymous reader writes from a report via CNBC: A new report reveals the U.S. Defense Department is still using 8-inch floppy disks in a computer system that coordinates the operational functions of the nation's nuclear forces. The Defense Department's 1970s-era IBM Series/1 Computer and long-outdated floppy disks handle functions related to intercontinental ballistic missiles, nuclear bombers and tanker support aircraft, according to the new Governmental Accountability Office report. The report shows how outdated IT systems are being used to handle important functions related to the nation's taxpayers, federal prisoners and military veterans, as well as to the America's nuclear umbrella. "Federal legacy IT systems are becoming increasingly obsolete: Many use outdated software languages and hardware parts that are unsupported," the report found. "Agencies reported using several systems that have components that are, in some cases, at least 50 years old." From the report: "GAO pointed out that aging systems include the Treasury Department's 'individual master file,' which is the authoritative data source for individual taxpayers. It's used to assess taxes and generates refunds. That file 'is written in assembly language code -- a low-level computer code that is difficult to write and maintain -- and operates on an IBM mainframe,' the report said." The report also mentioned that several other departments, such as the departments of Treasury, Commerce, Health and Human Services and the Veterans' Administration, "reported using 1980s and 1990s Microsoft operating systems that stopped being supported by the vendor more than a decade ago."
This discussion has been archived. No new comments can be posted.

US Military Uses 8-Inch Floppy Disks To Coordinate Nuclear Force Operations

Comments Filter:
  • Well... (Score:5, Funny)

    by Arkh89 ( 2870391 ) on Wednesday May 25, 2016 @04:42PM (#52182521)

    I hope they don't click the red cross... or we are all fucked...

  • by crypTeX ( 643412 ) on Wednesday May 25, 2016 @04:44PM (#52182529)
    We really should applaud them. Imagine how hard it will be to figure out how to write code [ibm.com] to hack this.
  • It's hopeless (Score:5, Insightful)

    by realmolo ( 574068 ) on Wednesday May 25, 2016 @04:45PM (#52182549)

    This kind of "back-end" software is EXACTLY the kind of thing that contractors DREAM of. Nobody knows how it works, and the general public never has to see it, so they can't complain about it being a piece-of-shit that they paid for.

    It's just like the air traffic control system "upgrade" they've been working on for nearly 30 years. The contractors have ZERO incentive to ever provide a working product. Much better to keep in in development forever.

    I'm not one of those "government can't do anything right" people, but this is one of those things that is just a tailor-made pork-barrel disaster. I see why they don't want to even bother trying.

    • Re:It's hopeless (Score:5, Insightful)

      by holophrastic ( 221104 ) on Wednesday May 25, 2016 @04:54PM (#52182643)

      Seems like a good investment to me. Operational for fifty years, and never been hacked. Seems like your government did everything right -- oh how I wish that had continued to be true.

      • Yes, imagine the horror when they "upgrade" to new and shiny. At least it will web scale or something.
    • The military using special technology is a good thing from a security perspective. It is not supposed to run on Commodity hardware and software, because if anyone can work on it everyone potentially has access.

      Stop playing the narrow minded "cheap is good" game and consider other reasoning. Longevity is a good thing, not a bad thing. Specialized knowledge in security is a good thing, not a bad thing. It's only government waste because you are only considering a very minor aspect.

      By the way, if they were

      • by tnk1 ( 899206 )

        Yes, that's great until you start running out of living humans with the ability to actually operate that stuff. I'm not saying I dislike quality or custom gear for the military, but support and logistics is a real thing.

        And unlike the wishful thinking about aliens and black ops the real reason we have $20,000 toilet seats is because the government can't just use something that everyone else does. And half the time, the reason isn't even something as intelligent as security or reliability, it's because som

        • by s.petry ( 762400 )

          Ask Iran how well that "we should be using commodity" rule you want to impose worked for them. Oh, wow! Never thought about that did you? Yeah buddy, we want to be just like them right? (That was sarcasm).

          And then you go out to fantasy island for your next point. How about the reason commodity items are overpriced is due to corruption? When we catch it we fix it? Hmm, what a novel thing to consider.. (more sarcasm, but well deserved) Then we consider that some things are better served as commodities,

          • by tnk1 ( 899206 )

            Your sarcasm is misplaced and missing the point. Nowhere did I suggest that a commodity rule was required for this. There is a middle ground.

            As for independent systems, you know that the military uses things like Windows, right? On warships. And for passing classified messages. It's not Windows 10, but it's not like we have to handcraft our operating systems.

            You think that the code written in assembler stored on 8-inch floppies makes something secure? You'll be lucky if there is any security features

    • Re:It's hopeless (Score:5, Interesting)

      by ShanghaiBill ( 739463 ) on Wednesday May 25, 2016 @05:11PM (#52182799)

      The contractors have ZERO incentive to ever provide a working product.

      I have worked on tech projects both as a government employee and as a contractor. Most projects were disasters for the reasons you list, but I have seen a few successes. Here is a quick checklist:

      1. Do NOT use a contractor. They have a vested interest in bloat and delay.
      2. Use your own subordinates so they have skin in the game, and their future raises and promotions depend on the success of the project.
      3. Make sure they are a small team that has worked together successfully in the past on similar projects.
      4. Starve them of resources, so they have no choice but to implement a clean and simple design, with only basic functionality.
      5. Avoid hyping or even announcing the project until you have something working. If you hype it early, you will get demands for every feature, including the kitchen sink, thrown at you, and you will get politically connected contractors forced on you.

      • They have a vested interest in bloat and delay.

        I haven't seen any of it, at least at the individual level. Where I do see it is management level (cost plus). This is a problem by both buyer (lack of oversight) and the supplier. But what's the alternative, NASA hiring another 20,000 people only to fire them when the latest rocket program gets cancelled? Then try and staff up when it gets refunded?

      • Re:It's hopeless (Score:4, Insightful)

        by Kjella ( 173770 ) on Thursday May 26, 2016 @02:20AM (#52185387) Homepage

        1. Do NOT use a contractor. They have a vested interest in bloat and delay.
        2. Use your own subordinates so they have skin in the game, and their future raises and promotions depend on the success of the project.

        1. Depends. Small contractors have often been the ones pushing to cut through the fluff and get real specs and deliverables on the table because they know the budget is fixed, not delivering makes them look bad and if they don't it'll just fizzle like so many projects we have that are ongoing but never really materialize. "Too big to fail" projects that'll be funded next year too unless hell freezes over are different, but then you're often screwed because you really don't have the skills or resources in-house. In fact big projects almost always fail because of the next one.
        2. For the most part, that simply can't happen. There's no authority to make incentive or performance-based pay, I have my pay grade and overtime pay. As for raises, if I were to get any significantly more pay than anyone with less education, experience and tenure it'd raise hell with unions and whatnot. And it's often the same with promotions, you'll get promoted when it's your turn because if they pass up a candidate that's better on paper there's actually a formal complaint process. Same with public procurement processes, nobody's free to do what they feel is best for the bottom line.

        As for 3-5. they're generally good ideas. If you give people too much time and money to try solving every problem forever, they'll sit around making grand plans and often dismissing the reasons why the current system has become such a mess as bad design, when in reality it's a messy world out there and kludges are our way to cope.

        5. Avoid (...) even announcing the project until you have something working.

        Sadly I've found this is the easiest way to get something done, particularly if it's the type of solution that's not great but less terrible than the one we have. They say learn to walk before you run, but nobody here seems to have heard it. Every time there's a project to get on our feet, somebody must come in and crush it because it's not good enough. Which usually means we're crawling around for a few more years while they argue about their master plan to simultaneously win the 100m dash and the marathon at the Olympics.

        I'm so tired of pie-in-the-sky plans that end up a mad dash to deliver the barest minimum because somebody finally put the foot down, basically throwing away 90% of the work because there was no time to even try implementing anything remotely like it. There should be like a shot clock, if you've spent 30% of your budget start implementing and figure out where the rubber meets the road. Anything else leads to meaningless exercises like trying to estimate a solution where we haven't even decided on the principle for the solution, much less made an actual design and broken it down into work that needs doing and could reasonably be estimated.

    • by WheezyJoe ( 1168567 ) <fegg@excite.cCOFFEEom minus caffeine> on Wednesday May 25, 2016 @05:36PM (#52182991)

      Sounds to me like tax-payer dollars well-spent on equipment that keeps on giving.

      Maybe your typical gamer has to upgrade every coupla years because the latest Doom doesn't run well on a 4-year old GeForce. Maybe Macy's needs to upgrade their mainframes because they have way more inventory to deal with and want to offer more sales online. And maybe we all need to upgrade off Windows XP (looking at you, banks, with your hackable ATM's) because it was a lousy, full-of-security-holes platform in the first place.

      But as Microsoft tries to force me off my perfectly workable Windows 7 for no damn reason, I wonder why a machine bought by a government department, that does the job and does it really well, needs to be upgraded or swapped out for something new that may or may not work because of something non-related to whether the damned thing does the job and does it really well. Replacing such a system is not easy, particularly when there are consultants circling overhead, hungry for a fat government contract so they can build a complete clusterfuck out of overpriced commodity hardware that does nothing approaching what the old system did. And needs to be upgraded all over again in 2-3 years.

      Yes, on the one hand, holy shit! those are old floppy drives. On the other hand, holy shit! they still work and do the job after all these years. Why have we grown so accustomed to throwing shit out every coupla years? Seems to me, government (state and federal) is one of those areas where shit oughta stay the same for a while so people can focus on getting the job done, rather than re-learning and re-tooling every few years just because some software vendor wants to sell another release of something.

    • But it's the way it is because there's no budget to fix it. In corporations they upgrade PCs every one or two year, polish up the foosball tables, then tell the investors that they need more funding. In the government they often are stuck with aging outdated equipment, buildings, etc. Of course, given the price tag charged by contractors treating the government as an ATM it's no wonder they can't upgrade.

      • by PPH ( 736903 )

        In corporations they upgrade PCs every one or two year,

        Not where I've worked. Things get stuck as-is until management can be convinced that there is a crisis. A few hundred million in funding is secured, consultants are brought in. Nobody can find the old source code, so millions of dollars more are expended trying to reverse engineer the legacy system. Projects go seriously over budget and schedule. But we had a saying: Heads roll uphill.

    • It's just like the air traffic control system "upgrade" they've been working on for nearly 30 years. The contractors have ZERO incentive to ever provide a working product. Much better to keep in in development forever.

      Next Generation Air Transportation System started initial planning in 2003 (nowhere close to 30 years ago), and the actual implimentation started some time later. It was always planned to be a slow rollout, in part because aircraft would have to be fitted with new equipment, and airlines did want to rush to do that.

      Moreover, many parts of the system are already working. For example, see the section in the linked article on noise pollution. The system is efficient in that it can pack more planes in a given a

  • So What? (Score:5, Insightful)

    by plopez ( 54068 ) on Wednesday May 25, 2016 @04:46PM (#52182557) Journal

    They've been stable for decades. I'll take master files on floppy disks and programs written by people who cared over "eventually consistent" databases developed by "just good enough" monkeys any day.

    • Re:So What? (Score:5, Insightful)

      by nuckfuts ( 690967 ) on Wednesday May 25, 2016 @05:20PM (#52182855)

      Yes and no. I would not advocate changing operating systems simply because they "stopped being supported by the vendor more than a decade ago". After all, if your needs have been met for decades by something like MS-DOS 6.1 or Windows 3.11, what "support" would you looking for from Microsoft today?

      Physical devices are a completely different issue, however. Floppy drives and floppy disks WILL wear out and fail. Maybe these agencies have a stockpile of spares, or maybe someone is still manufacturing 8" floppies to sell to the government for an arm and a leg, but barring that, good luck sourcing replacements for your antique computer hardware when it fails.

      • Re: (Score:3, Informative)

        by Anonymous Coward

        I work on similar systems, and while we don't have stuff quite that old, the US Military absolutely knows about the obsolescence, yes those floppy drive and floppy disks do wear out. However they knew that when they built the system, when they bought the drives back then they went out and bought a 50 year supply of drives and floppies. And today the still repair the systems, and the logistics guys know roughly when they will run out of parts, and they will replace those bits when they need to. With those ol

      • by Dadoo ( 899435 )

        Physical devices are a completely different issue, however. Floppy drives and floppy disks WILL wear out and fail.

        If you have enough money, you can pay someone to build you an 8" floppy drive, from scratch.

        • by nmb3000 ( 741169 )

          If you have enough money, you can pay someone to build you an 8" floppy drive, from scratch.

          Must you first invent the universe?

        • by Lehk228 ( 705449 )
          their techs have been repairing those drives for 50 years, odds are most of them could build one from a rack of components.
          • their techs have been repairing those drives for 50 years, odds are most of them could build one from a rack of components.

            Indeed. Send those techs to the pub with a couple of decent engineers for a few evenings, and you'd have a brand new design that could easily be built today with modern components.

      • by Nethead ( 1563 )

        I actually have about 100 old 8" floppies and two drives sitting out in the shed. Now that I've typed that on the Internet, the government knows where to find them. I'll just reset the combo lock to 8008 for them.

    • If you knew what an "eventual consistant" database is, you would not rant like that.

      • by plopez ( 54068 )

        It means corrupted inconsistent "good enough" data. I've had plenty of that over the years.

  • I know it was fictional, but I just can't get WOPR out of my mind when reading this.

    • WOPR or really the idea behind it is EXACTLY why we use 1950's technology still in our nuclear silos.

      Think about it. If you own an operational nuclear tipped missile, your primary concern is that it is only going to detonate when and where YOU want it too. Also figure that you realize that this thing is going to be sitting for decades, hopefully with a minimum of mess and fuss over things like maintenance and refurbishment. It may sit there for multiple decades, but it HAS to work when you push the butt

      • by Imrik ( 148191 )

        Rather than only detonating when and where I want it to, my primary concern is that it not detonate any other time and place, detonating at the correct time and place is just a bonus.

  • So if... (Score:5, Funny)

    by dfsmith ( 960400 ) on Wednesday May 25, 2016 @04:51PM (#52182611) Homepage Journal

    If I notice a quantity of 8" floppies dropped around a parking lot next to an inconspicuous government building, can I assume that some sort of Stuxnet [wired.com] cyber attack is under way?

  • Obviously, they urgently need to start a new procurement cycle. Then things can get royally screwed up
    • Yeah, we should rewrite everything!

      I actually wouldn't mind being PM on a modernization job like that. It's the sort of high-complexity, high-risk program that got me into project management in the first place: so many things can go wrong, from bad requirements gathering to bad delivery, and predicting and controlling all those risks is an amazing challenge.

      • The tricky bit is whether anyone bidding for such a job would want the project managed as competently as possible, or whether it's one of those situations where having a risibly old(but functional enough that disasters aren't drawing attention to the slipping deadlines of the replacement) legacy system makes meandering in the vague direction of a solution for as long as you can as good or better than actually delivering.

        If something like the 'CityTime' payroll system upgrade project can go as excitingly
        • Of course they'd want it managed as competently as possible. They have to bid low against competition, and every unpredicted and uncontrolled risk cuts into their profits on that. Failure to deliver on-budget bans you from government contracts with the agency for several years. Besides that, the agency awards a fixed-fee-plus-awards or time-plus-awards contract for this sort of work, meaning finishing at higher quality and less time generates a higher per-hour billable than stretching the work, and thus

  • I'd be curious to know how many of these seriously outdated systems are egregious piles of failure; and how many are utterly contrary to any fad of the week from the last three decades; but where done right the first time and actually compare pretty favorably to the results of (the so often horribly doomed) 'upgrade' efforts.

    Some flavors of outdated are fairly clearly bad; if you can't get replacement hardware without raiding a museum or reverse engineering and cloning/emulating quirky 80s gear all by yourself, keeping your systems running is going to be unpleasant and expensive. If you have a system whose security depends on an OS or other 3rd party components that have exciting known vulnerabilities and haven't had vendor support even under a thrillingly expensive special extended contract with the vendor in a decade, you have a problem.

    If you have a legacy system that is merely retro; but well built and supported by hardware you can still get without much trouble, you will certainly get your share of snide comments about its dreadfully antique design; but you are taking a real risk in trying to modernize it. Those sorts of 'upgrades' don't always fail; but agonizing, wildly expensive, upgrade attempts that languish in development so long that the upgrade is obsolete before you've finished deploying it are hardly uncommon.

    Sure, in an ideal world, we'd all get to implement from scratch with all the benefits of hindsight and absolutely no accrued technical debt; but we don't live in an ideal world. How many of these systems are old as in broken; and how many are old as in classic?
    • I would argue its even better if it works properly. What are the chances an attacker would know to target, or would even have the ability to target such an old system.
      • I wouldn't necessarily take refuge in obscurity if running something important; a core IRS system or nuclear-related control systems would be the sort of targets where you'll get some fairly motivated attackers rather than just kiddies looking for soft targets. That said, it's not necessarily the case that old=insecure in a situation where you aren't dealing with software thrown together as fast as possible to secure a first mover advantage or win a feature race with competitors.

        There have been a lot of
    • by tnk1 ( 899206 )

      They were probably *all* piles of failure at one point. The nice thing about having 40-50 years to work on something is that eventually you don't just fix a few bugs, you've probably re-written the whole thing about three times over with all that patches that went into it. And that's just the first twenty years *before* it was shoved into "evergreen" neglect mode for the following twenty years.

    • Retro becomes a problem because it becomes excessively expensive, or even impossible, to maintain.

      Consider just those 8" floppy disks. For starters, they're not exactly durable. And barring clumsiness, the oxide coating used for data storage continues to oxidize over time since they're not airtight. So every one of them is slowly going bad and needs to be periodically replaced. Vintage disks in a warehouse would also be exposed to oxygen and slowly going bad. So somewhere there's a production line runn

      • by sd4f ( 1891894 )
        You wouldn't really need to maintain the entire production line. In this case, I would presume that the demand for the disks would be low, so you'd look at different production techniques which are going to be more labour intensive, but much more cost effective for low production volumes. After all, in a floppy disk, there's very few parts, most of which are incredibly simple to manufacture, and can be done in more ways than one. For instance, you wouldn't need the same machine that made jackets all those y
        • For instance, you wouldn't need the same machine that made jackets all those years ago, as that could easily be done on a small 2D CNC machine.

          The world runs on small plastic bits o' crap. There's manufacturing facilities from all levels of scale from near one off injection moulds to manufacture by the billion in a wide variety of ways. My guess would be for the jackets, you can find some low volume manufacturer, they'll CNC the moulds and can then run off batches of 1000 every few years or so as you need t

      • So those are some epically expensive 8" floppy disks.

        Yes, but probably still cheaper than the alternative. One of the usual suspects (big contractors) is easily capable of burning through 10 billion building a "replacement" which is eventually scrapped because it doesn't work. You can buy a lot of epically expensive floppy disks for that price. Heck, you could buy and staff the factory 1000 times over probably for that price.

      • Retro may be a bit more costly, but you're ignoring the astronomical cost of upgrading big systems like these. We're not talking about someone's desktop PC being overdue for an upgrade.

        Estimates are that "it would cost $352 billion over the next decade to modernize the facilities." Obviously you can keep 8" floppies in production for FAR, FAR less than that! What's more, even if you spent the hundreds of billions of dollars to upgrade the systems, you're ONLY moving the baseline forward a bit, not PERMAN

  • by The New Guy 2.0 ( 3497907 ) on Wednesday May 25, 2016 @04:58PM (#52182681)

    The government doesn't want anything in general release in these situations. A large old floppy isn't readable or writable by the average Windows computer. This creates "security by obscurity" that makes it harder for a non-authorized command to be run. We don't want some kid playing Thermo-Nuclear War.

  • Obligatory War Games reference.
  • The systems were designed in the 70s and have had minimal upgrades since then. Honestly I'm not even convinced we could actually prosecute a complete nuclear war at this point. The other problem is that designing a new system would cost tens of billions of dollars due to the inevitable cost overruns and waste from the Military-Industrial Complex.

    We should produce upgraded command and control systems, but we should also have fixed price contracts to keep things in line.
  • My daughter found a very dusty 8 inch floppy that must've been at least twelve years old. It had a game on it that I'd bought as shareware in the early days of the Internet. She found an old floppy drive in my spare parts bucket and hooked it up - the game actually worked and was a pretty good RPG for it's day (it was called Lumpies of Lotus [atarimagazines.com]), so she wrote a review of the game in an online forum and received an nice "Thank You" from the author.

    So there's a chance that the guys watching over the US nuclear a

  • Finding parts on eBay for that.
  • The best possible outcome for humanity would be that the launch systems for nuclear arsenals don't actually work. The United States currently has a strategic nuclear stockpile of approximately 547 Mt. Detonating those warheads in our atmosphere would simply end civilization, with no winners and no future. Well, unless you're an ambitious young cockroach with your eyes set on world domination.

    Nuclear stockpiles are as sensible as boarding a jetliner with an M2 flamethrower, just in case there happens to be a

  • Wasn't this stuff covered on a 60 Minutes report in the past year or so?

    Another example being some sort of special tool (a wrench?) being FedEx-ed between sites because some broke and they didn't have extras?

  • by bogaboga ( 793279 ) on Wednesday May 25, 2016 @05:30PM (#52182943)

    It amazes me that our so called analysts then laugh at Russia for what they sometimes called its "rustbucket military hardware."

    That was until [in Syria], it delivered a shock [independent.co.uk] to us us in the west, with its successive wins on the battlefield, despite having less hardware compared to the west's.

  • by blind biker ( 1066130 ) on Wednesday May 25, 2016 @05:30PM (#52182945) Journal

    I worked at a bank that had several mainframes IPL-ing from 8" floppies - I left the bank at the end of the 90's - at that point, the system has been operational for more than a decade. As far as I know, not a single floppy has ever failed during the years I've been there, or before my tenure.

    • Not surprising that the quality went down. I do remember when I was starting off, floppies were reliable. I don't think I actually remember one failing on me, but they were pretty pricey. By the end, they'd been caught in an aggressive price war and so of course the quality was in the pan. It got to the stage where you couldn't even necessarily transfer a file once off on one without it crapping out.

      It's not a "things were better then", it's that a race to the bottom price wise produces junk. Of course if I

  • This is what happens when your country has a negligible military budget. Oh wait. So where IS the money going if none of it is going to upgrading existing hardware?
  • by Guy Harris ( 3803 ) <guy@alum.mit.edu> on Wednesday May 25, 2016 @05:41PM (#52183033)

    Here's the actual Government Accounting Office report [gao.gov], if you want to read it instead of a Slashdot story about a news story about the report.

  • by Brannon ( 221550 ) on Wednesday May 25, 2016 @05:51PM (#52183129)

    nt

  • I have a box of 2500 unpunched, punch cards that I can donate to the government if they run short.

  • I'm a little concerned that the system still uses 8" floppies. I'm much more concerned it uses 90's era (or even contemporary) Microsoft products.
  • The programs written for the weapons are the only item run on the computers for a reason. The code is trusted and audited which is way more important than new and flashy. Changing or updating the underlying OS or code requires a new audit and verification.

    The calculations can be done longhand for verification.

    Read the rainbow series for more info if they are still in existence.

  • ...when they tell about their weird and bizarre conspiracy theories. The brains have been infected by Hollywood.

    As this article points out, there's still a good chunk of tech that hasn't been changed for decades even in critical systems. There's no super 'leet next age UI. There's a monochrome monitor with a prompt that says "feed-the-badger>" with a tape drive and an 8" floppy.

    If ain't broke and has 1200 pages of mimeographed documentation then it's still good.

  • I still have a few 8 inch disks lying around, some with data on that I programmed in 1980/81 or so. Maybe the DOD is in the market?

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...