Amen. But it will probably take a full-scale war to make people (and nations) aware of the security implications of armed remote-controlled robots. Some of them we can only guess at.
Future war: nations will hack each other's drones and use those drones to attack their owner? (or a third party, to provoke counter-attack)
That would be security theatre. Any actually dangerous attack on systems such as these is likely to be bespoke, like stuxnet. Therefore the platform doesn't matter.
Also, it shouldn't be too hard to create a virus that could spread via windows PCs but still carried a linux payload, for example.
As soon as you're up against bespoke, targeted attacks, the whole game changes.
Platform does matter. There are softwares where 0-days are more frequent. Stuxnet targeted windows platforms and used 4 different 0-days. It took two years for it to reach its target. Therefore, if the platform that ran the target was fixing its security flaws in, say, 6 months, stuxnet would have failed.
Even on targeted attacks, you need the target to have a flaw to infect it, and this is not ideology to say that some software companies are longer to correct flaws than others.
A machine where Acrobat Reader, Internet Explorer 6/7 or Adobe Flash Player are installed is more likely to be infected. These packages should be banned. In fact, on a part of a military infrastucture, I would expect to find only software that have been flagged as decently secured.
Forbidding Windows may be a bit extreme, but I would expect the army to have strict security policies, especially regarding installable software. Any executable file not certified by the US army should not be executed on a sensitive computer. It should be enforced by a piece of software or hardware. The idea that any operator can bring a usb drive and execute a file on it seems like an incredible laxism.
You are right, but Linux is superior here, because it is open source and you know everything about it. For Windows you can simply buy a 0day and that's it. When you write something for Linux, you can't be sure the targeted program is even on the distribution.
The NSA has excellent experience when it comes to secure UNIX systems. They published a very long RedHead guide somewhere, was posted on HN some time ago.
But in reality there is no way they share their knowledge, totally different organization and different contractor so synergies are lost for sure. How much energy would be saved when you don't try to reinvent the wheel every time.
I'm sure a vanilla linux-distribution is as easy an target as a windows box, if not even easier.
But why don't they use some hardened (grsecurity,selinux) kernel + http://linux-ima.sourceforge.net/ + a default forbid MAC policy + remote logging.
I can't see how this attack vector could be used against such a system.
These are deadly drones. It is probably a lot more work than using a plain windows box. But these machines can kill people. I thought the Military would use state of the art software security system.
About vanilla systems, I think no one can make a worse job than Microsoft. When I discovered that Windows XP was auto-executing some files in any USB stick you plugged in it, I decided to not take Microsoft seriously EVER about security. Yes, it was after their grand announcement they would focus on security. They probably improved many things since then, but I can't trust a company that did not understand the problem about arbitrary code execution during all these years to do a half-decent job at security.
The world-wide epidemics in computer virus would not exist without Windows. It is not about it being the most prevalent OS : Linux is prevalent amongst webservers, highly valuable targets. iOs is the most prevalent OS on cellphone, always-on targets. Neither see virus spreading. Think about it.
