Slashdot Mirror
GOVNET In the Works
gtg010b writes: "According to USA Today, the U.S. government is considering a private network to be used for all government communications. This network would be "separate from the Internet to keep it safe from hackers or terrorists" according to Richard Clarke, the head of the president's "cyberspace security adviser." Whatever happened to government not being above the people?" Clarke is the guy who's been crying "cyber Pearl Harbor" for a few years; apparently if you cry wolf long enough you get promoted. His request (.doc format) is informative. I should point out that the U.S. military already has such a network (I'm not even going to ask why the Feds can't piggy-back on it), so GOVNET would be for critically-important government agencies like the Department of Agriculture to communicate.
Why not just encrypt across internet2 or something? i really don't understand why everyone is crying pearl harbor about everything anyway...
and get spammed with MAKE WHEAT FAST!
I think this would be a good test case for the government. They could use IPv6 and Internet2 standards, with full encryption of messages and full security.
Would be a good test case - if it works, then we can expect to see a clone system roll out in major cities within two years.
--- Will in Seattle - What are you doing to fight the War?
I guess I'm messed up, cause I thought the original inception of our current internet *wasn't* private either. So, what's the rukus? (aside from them already having one)
...and that's the end of our show. Donk!
People are using the terrorist threat to do things they wanted to do anyway, but would not normally be allowed.
Secrecy and weapons sales corrupt democracy: What should be the Response to Violence?
Bush's education improvements were
You mean something like this *DOESN'T* already exist?
>Whatever happened to government not being above
>the people?"
I think it is about the government being separated from the people. So this sentense per se is irrelevant.
Let's not bash the Department of Agriculture--without them, where would I get my Rice Crispies? =)
CDE open sourced! https://sourceforge.net/projects/cdesktopenv/
So, they want to set up an intranet for the government. Why is this a bad thing? Should all corporations be required to use the internet for any and all communications between employees/remote sites/customers?
In business news, Cisco Systems stock [CSCO] rose 60% today.
Thank god for USA Today: America's Pravda
Somewhere, something incredible is waiting to be known. -- Carl Sagan
A private, secure network is by definition fairly small. The larger the network became (as would be necessary given the size of the US gov't), the more opportunity crackers would have to get in.
The goverment is simply too large to expect that a separate network would make it that much harder for crackers to get in.
This Govnet idea is a good one! To keep hackers out so our government has the time and resources to apply to defense is a relaxing concept. I support it.
You don't want the government (or anyone else) spying on your connections, do you? You believe in having your own lines which you control and which don't depend on someone else's ring or something, don't you? Why should the government behave any other way?
Also, this will keep the government from eating up our bandwidth, which we need for pr0n and warez! Also a good thing, although I'm sure that the aforementioned uses consume dramatically more bandwidth in a day than the government does in a month.
In any case, I don't see how anyone could get snitty about the federal government wanting to build a secure private network. It's a good idea, and long since time.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Most large government agencies already have extensive WANs. The Judiciary (third branch) has a WAN called the DCN (District Court Network) that connects all 92 Districts. To my understanding many agencies falling under the dept of Justice also have their own WAN's.
Looks like a lot of the "GOVNET" is already in place.
Now if they outlawed strong encryption but used it on this network it would.
Oh wait come to think of it they have Nukes and the people dont. No one makes a fuss about that because we're not stupid.
Dumbass Poster
Free Unix? Free Windows. http://www.reactos.com
Government action:
#1 legally restrict secure communications
#2 build private network for security
If you need text styles to communicate then you don't have a message.
-foxxz
Startup.com the movie was about the same kind of government meets private industry to spread information scheme. They failed, hopefully this wont.
If my memory serves me right, the Internet is the bigger grandson of ARPAnet, which was originally developed for secure voice and teletype transmissions.
I say "Bring it on!" Not for a hacking standpoint, because really, what's the point? I think that GOVNET will eventually become another arm of the Internet eventually. It only makes sense that at least one department (Office of Homeland Security comes to mind) will want a direct link to the Internet to make work easier, and then another and then another, and finally, the GOVNET will just be another section of the internet, the same way WAIS and GOPHER are today. I wouldn't worry.
BTW, my thought that ARPAnet was the start of it all is sort of correct. You can check it all out right here.
The Dopester
"Yes, I'm a Karma Whore, but I'm doing it to pay my way through school."
does the government really need this sort of specialized medium? is it really because of a "hacker" or "terrorist" threat? i thought the government spends *billions* of dollars every year so that something like an independent gov.net type of medium wouldn't be necessary? i must be missing something. ah well...
What happens when the hacker is a government employee?
Oh yes...those top secret pork bellies reports are vital to national security. So much so that they have "Animal Farm" syndrome and are paranoid of potential attacks.
What STUPID POS(not point-of-sale) program are they going to think of next to waste our hard earned money on?
"Just Smile and Nod." --Huck
These networks can't even be "integrated" into one another because of different classifications levels etc. There isn't even a way to move data from low to high (systems of low classification to systems of higher classification), because the fact that the high network wants certain data from the low netowrk is sensitive itself.
"A better way, Rasch suggested, might be to improve the ways sensitive information is encrypted and sent over public networks such as the Internet"
It is my understanding that this is exactly how the DOD's classified networks work. I suppose I could be wrong, but I doubt it.
sHi
As far as I know this already exists in a way. The department of defense operates the defense switched network (DSN) which is a telephone switch network. DSN is used to do such things as launching nuclear attacks and has priority over the other telecommunications networks in the US (this is my understanding of it). Why doesn't the US just increase the capacity of this network and keep on using it?
...Dept of Agriculture anyway? Not like they're hiding aliens or covering up the JFK assassination :D
Of course the government is above the people! No-one ever said otherwise. Government makes laws, government sets taxes, need I go on? Why oh why must Slashdot keep posting the most idiotic comments on stories? Don't the Slashkeyboards have delete keys? Or is editorializing equivalent to "censorship" in the New Republic?
Apart from being a misnomer, it's an idiotic comment anyway. What kind of idiot thinks that the government should put its official secrets through pipelines owned and operated by commercial entities?
This is our government's security expert? This is his big plan to keep government data safe?
The Internet is everywhere. It's so purvasive that there is zero chance you can have any isolated network. The second some low-level government flunkie at the Bureau of Railroad Employee Retirement signed onto AOL to check his e-mail, boom, there's a gateway.
My thinking is that they plan to use GOVNET as an excuse to be lazy. Everything will have minimal authentication because there's no way big bad hackers can get on the network, right? Except that any PC on the network can easily become a gateway. There are plenty of examples of "private" and "secure" networks that were breached through classic hacking techniques like social engineering and wardialing.
This is stupid. What bout PPTP/VPN? Why can't they just make a virtual network that runs over the Internet like every other business is doing? The infrastructure costs are minimal because you aren't running redundant wiring. It's just as secure, in fact, it's more secure because you are going to be extra paranoid about things like password schemes and encryption levels if it has to survive some public data transfer points.
A few years ago, AOL tried to market this to companies. They called it EOL for Enterprise OnLine. Basically, for a fixed fee per user, all your employees got AOL accounts and access to a private keyword with your company's Intranet.
Except no one but Century21 ever signed up, as I suspect they got a good deal for being a test case. No one saw the point when security, done properly, is going to produce a much more versitile and cheaper result.
To make an analogy, this guys is suggesting that every government office get a tin can and a string so that they can communicate securely because there's alwaye the potential for someone to tap the phone lines.
Re-freakin-diculous.
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
I don't know about you, but I would not want all government functions on my net. I think the Military probably said 'Thanks, but no thanks.'
www.bannination.com Two things float to the top he
Yeah, if the government isn't able to keep the flow of drugs coming into the country, society might fall apart.
It was called ARPAnet.
Ok, so what's the big deal? My company has an intranet to keep the unwanted away from our sacred data. What's wrong with government doing this? How does this make them "above the people"?
Yes, I'm still a junky. Are you still a bitch?
What happens when some kid with a summer internship is working in some lab, brings his laptop in, uses it to do his job, and figures out he can use the modem to go grab some mp3s on the internet?
more general, wouldnt it almost instantly be linked up to the public internet due to people doing things like the above, heck without even knowing what they did? what about people who DO know what they're doing and just dont care? surely getting 100% of everyone using a private network to NOT link up to the net is impossible.
course, maybe its more like putting a white fence up around your field of horsies. you can jump over it, its just inconvenient and blocks the majority...
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
Well, I can't say it would be "secure," but certainly it would be "more secure." Come on, anybody who has read the RFCs for IP KNOWS that eavesdropping wasn't at the top of the list of concerns when the protocol was written.
Besides, the government has been using private networks for quite a while, this is just yet another private network. I don't think that I'd even want to run a business without SOME privacy.
Working for the military, I know that the US's classified network is shared w/ second parties (Britan, Australia, New Zealand, Canada) is physically separate from the internet. The only way we import stuff off the internet onto our network is copy it to a CD using an unclassified system, viral scan it and other measures, and place in a classified machine.
All 5 countries have access to it, but classified stuff still has to be encrypted for transmissions. And we dont use commercial stuff for that, each country uses their own stuff.
The interconnection of the 5 countries allows us to share data as we see necessary.
This separation from the internet keeps the classified network safe from things like Code Red or any other viruses and worms.
I'm all in favor of the civilian government (even the all important USDA) and the military having separate networks. In the ideal world, this would
./ readership knows, you average pubic worker/ 9-5er doesn't know enough and hasn't been trained enough to do his/her part in network security (i.e. not writing password on sticky note posted on monitor with phrase "Network Password Don't forget!!!")
be fine. The civilian governmental agencies could use the same network without problems and without interference.
Needless to say, this is not an ideal world. Do you think Billy Bob the Forest Ranger and Gordon the Beef Inspector (to use USDA examples) are going to do his part to keep the same network secure that James the Spy or Steve the Strategic Planner use? As the
Moreover, the separation of civilian powers and military powers is an important American ideal. If some civilian agency (the GSA maybe?) is investigating the military, you usually don't want them seeing or interfering with your communications. That can't happen when your network admin takes military orders, and will knowingly break the law under orders. A civilian government employee, on the other hand, can legally refuse to break the law without retribution by the employer.
So, all in all, its probably a good idea to keep the networks separate.
My email is real.
or something similar, which used the same protocols as TCP/IP, but over private lines which encrypted the data at the hardware level. Anyone have more info?
Whatever happened to government not being above the people?
Nice troll. I suppose suppose you think that the government should allow us all into their LANs - firewall separate the people from the government. And they shouldn't use private WAN links - they should transmit all their packets on public internet (and no VPNs!). Nor should they use encryption - that's just another barrier between the people and the information.
Come on, we're not talking about hiding stuff that's not already (theoretically) hidden. We're talking about basic security. I'd be shot if I seriously proposed to my employer any of those tongue-in-cheek items in my first paragraph - and we're a private firm. You don't let just anybody look at you're business. "But we're the people," you cry. "We have a right!" So you do. Consider the privacy implications of unsecured governmental communications. The feds have HUGE amounts of information about the citizenry, and I think that info should be secured from the likes of J. Random Cracker. Whether or not the government should have all that info is a question for another day, but surely they should secure what they have.
If you want to know what the government knows, use FOIA. Consider it a public interface; don't worry about the implementation details. Use your vote to eliminate bad implementors. encourage investigative journalism. Demand accountability in recordskeeping - make Ollie North a traitor. But for heaven's sake, don't be so pigheaded as to think that we should take phones out of government offices because ureaucrats use them to have point-to-point, uneavesdropped conversations.
P.S. I'll bet some proactive GS IT types are using current events to finally get some long-needed network security into place.
So if you wanted to launch an attack you just blow up the exchange box. Or if you wanted access tap a line?
... "I can't access my email!" "Your email can't access you, either, Mr. President." "I can't use AIM!! Damn it, what's going on here?! Launch the nukes!" "Sir, do you realize you just launched several ICBM's with warheads full of grain? I thought I told those damn farmers to stay out of our website.."
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
This is what most large companies do, buy a bunch of leased lines and run an ATM backbone (or other technology) over it to provide an internal WAN capability...
Why not do it over the internet in general ??? Well this way you have guaranteed bandwidth characteristics, as much data hiding as you want, and each office does not have to expose itself to the internet in general
I just hope they don't adopt microsoft outlook as their official e-mail client
GoatPigSheep, the 3 most important food groups
Apparently normal tunneled/encrypted TCP/IP traffic isn't good enough. I suggest carrier pigeons in bird-shot resistant suits. (Hey, we're already bordering on the illogical, make-work type of gov't project already, right?)
As is often the case this sounds like people who only know a bit about the technology and options making very expensive suggestions.
A few alternatives to consider:
The government expanding the network already in place for the "Internet 2" initiative (high bandwith application testing) which currently exists between a network of universities, is already in place, and already has the fiber allocated and lit.
The government buying (or leasing in some form) some of the thousands of miles of dark fiber strung recently in the massive network infrastructure buildout.
Then, a second more practical and imporant suggestion. The government's goals are to ensure secure communication, ensure access to critical government data (not so much websites but FBI photo files, salelite imagary, even census data), and ensure critical command infrastructures.
Look at how non-goverment agencies accomplish very similar tasks - Banks use a web of network providers (usually at least two, often three) providing basic network connectivity to data centers; they often layer this with dedicated encryption (so that any traffic across public switched networks is encrypted); sometimes there are networks with-in networks (VPN tunnels etc); and there is extensive (and expensive) redundancy of all systems (and usually key people).
This redundancy would be rather expensive and difficult for most government agencies - but it is likely required. This includes physical as well as technical redundancy (i.e. serious data centers have power from multiple power grids entering the building at multiple locations; similarly they have data leaving the data center in multiple ways.
Now the good news - the government could probably pick up seriously redundant data centers, servers, networking equipment, fiber (dark or lit but already in the ground) for a very reduced price with the recent consolidation and collapse of hosting providers and network equipment vendors.
Rather than using this to build an entirely seperate network - if the government took the appropriate steps to secure and protect the system if could overlay the existing Internet without much difficulty.
(I would recommend of course that the government look at using the appropriate equipment for this job - i.e. secure and reliable OS's runing on physically secured machines)
Hope someone reads this and expands on my suggestions.
- some disclusures - I do not currently work for the government - my company is a software and consulting firm that may in the future do business with the government.
-- Join us in Chicago May 1-4th for MeshForum -- writer, historian, tech geek, entrepreneur, internet junky since '91 --
Allows:
This is basically the way the military handles things, and it works fairly well. The largest issue is that the military had much of this infrastructure in place prior to the huge growth of computer networks, so much of the infrastructure isn't as integrated as it should be. I'd love to be able to design a system like that from the ground up. Can you say Voice-over-IP in all US government agencies?
Good things, indeed.
JJ
disclaimer: I run networks for the military...
If GOVNET is supposed to be 'separate' from any other network, that means that there will have to be separate phones, PCs, servers, etc. that only connect to the GOVNET.
I'm so tired of the constant blathering of anti-government rhetoric on here I could puke.
Ever seen those t-shirts, or bumper stickers that say "We Are The People Our Parents Warned Us About" ? Well, guess what -- Our big terrible evil mean 'n nasty fascist secretive athiest Bilderberg-controlled masonic men in black loving government is the same fucking thing. Its composed of people like you and I, not evil robots that try to strip us of everything we own in some gigantic conspiracy to "ruuuule the wooooorld"...I swear to God, Slashdot should hand out aluminum foil helmets upon arrival. Between this garbage and the brain-vomit that comes out of YRO, it feels like i'm watching a cult in the making.
If the government were as truly evil as you think they are, they would have already killed you, or would have prevented you from being born in the first place, let alone let you (gasp) speak openly in public!
A healthy criticism of the government is a normal, and necessary part of any democracy. Fanatical raving about how the government is out to get you because you have a fucking program on your little computer is nothing short of pathetic.
My $0.02, moderate me however the hell you want. I could care less.
Bowie J. Poag
Why do you think this a bad thing? I don't have a problem if the government sets up their own private network. If done properly, with appropriate hardware based encryption, it would certainly be harder for anyone to hack than current systems connected to the internet. Yes, it is true, that as the system grows, it will become more vulnerable to hacking, but that does not mean it will be easy to hack. And if you truly think the only information the government needs to ship around is wheat prices and pork belly information you really don't understand how our government works. Yes, many agencies have their own internal networks, networks that are isolated from the internet - why? Because private networks are not as vulnerable. Yes, a lot of work would have to be done to integrate those networks, but the payoff in better communication, better productivity, and less duplication of effort, in the long run, might be worth it. My .02
I read your post and think it offers some interesteing points but its clear that you havent worked in corporate IS which might change a few perceptions.
1. The second some low-level government flunkie at the Bureau of Railroad Employee Retirement signed onto AOL to check his e-mail, boom, there's a gateway. - Nope - i can lock it down so he cannot even get to the site and without local admin cannot install anything - we already do this with hotmail and yahoo etc due to people getting round our virus scanning and mail attachment restrictions by using hotmail - thus infecting us in this way - its simple proxy control and group policy application
2. VPN and PPTP are great concepts but shitty in practical terms - we use it here for remote clients and it is the bane of my existence with failed clients and forgotten passwords - its find with a limited number of remote sites but is cannot be used to replace infrastructure in larger (5+ people sites ) the only solution there is Frame/ATM
3. EOL sucked as it ws simply AOL attempting to give corporates a cheaper intranet option back before internet access was a standard thing
Drawing the TIN can analogy is a joke - the guy who wrote the article is an idiot in many ways but dont oversimplify the argument like that. The fact is with IDSL and Frame and ISDN running a routed network for communication and a good firewall and admin policy (and staff) you can have a secure environment (even on MS products) and totally private - the environment this guy is describing covers this and i suspect in most cases is already in place, as for offsite i think stronger mail encryption for them and PPTP would be sufficient for limited exchange.
This is one guy trying to make a name for himself and hes doing it by stating the obvious.
I refuse to argue with Anonymous Cowards - if you want a discussion get an account....
Of course the government is above the people! No-one ever said otherwise.
And who, exactly, concurs?
Apparently, this AC is unfamiliar with the concept of a representative government.
Takahashi Rumiko made beats! DON, taku, DON, taku. . .
I don't know if "critically-important government agencies like the Department of Agriculture" was meant to sound sarcastic, but I don't seem to be the only one who read it that way, judging from a couple of comments here. I'd just like to point out that the Ag Dept does an awful lot of good. Aside from various projects that help keep rural America afloat, the Agriculture Department also runs the Forest Service, protects open space, keeps ag-related disease out of this country, provides low-cost foods for school lunches, and does all sorts of other nifty behind-the-scenes market-oriented stuff to help ensure that when you go to the store, the stuff you need is always there. And affordable. If the Ag Dept vanished, you'd notice.
This alll sounds fun to me. Its about time we get a huge network to try and access through our beloved Internet. I wonder how long it would take people to expose the wonders of these 'private' networks :)
-- If it aint broke, fix it till it is. --
It's part of the internet as envisioned by Clinton, a complete private government network for Pr0n. Eventually all pr0n will be outlawed, available only in special government archives for use by government investigators and officials in thier research projects.
Eventually all the best pr0n will be there, leaving all of the junk out on the net as a collection of blind links going in an endless circle.
This is as good a reason as any for this network, to safeguard the government pr0n collection
"It is a greater offense to steal men's labor, than their clothes"
My thinking is that they plan to use GOVNET as an excuse to be lazy. Everything will have minimal authentication because there's no way big bad hackers can get on the network, right?
Yup, that's the way I read it too. It is deluded to think that individual government computers don't need to be secured. For example, if there is a vulnerability in the http server of a public web server (www.whitehouse.gov or whatever), GOVNET probably won't even slow down an attacker. And once a few boxes inside GOVNET are 0wn3d, then you pretty much have to use ssh and secure the rest of your services and so on. Now, if GOVNET isn't treated as a panacea, the idea is probably a good one (most denials of service wouldn't affect government->government traffic, some attacks would be harder, etc). The biggest downsides I can see are practical. Do they really have one agency that can run this thing and keep it up and keep it robust and not fall prey to turf battles?
2. Spend billions upon billions of dollars to replicate the Internet, whose supposed network-wide security could be compromised by tapping into a LAN at a Dept. of Agriculture office or whatever.
Of course, many Internet protocols are wildly insecure, due to the academic roots of the 'Net when security wasn't an issue. However, we have https, ssh, all that good stuff now.
I demand you show me more than a handful of properly administered (Yes, MS software could possibly be a part of that) government computer networks that have been compromised like this guy fears. Unix-based servers with good IT people backing them up are pretty goddamned solid. DDOS attacks are probably the only threat which could be helped by building DARPANET-2. What a dumbass!
--hongpong.com
Those of us who either currently work or worked in the past for Uncle Sam know there is an IP network in place for DOD, NSA, CIA, FBI and some other agencies for passing around classified info.
Why the need for another one?
SIPRnet is probably the name you were trying to remember. It is used primarily by the Navy, but also extends to other branches of the military.
Is your company running tools written by ma
I don't think the wrong people viewing secret data has anything to do with the gov'ts reason for doing this. More likely to prevent some worm from bringing down the entire net forcing the gov't to communicate the old fashioned way.
posted without the +1 bonus, so it's easy to ignore:
Request for Information for a Government Network Designed to Serve Critical Government Functions (GOVNET)
1.0 SUBJECT
Request for Information (RFI) for a Government Network designed to provide protected services for critical Government functions. The network is designated GOVNET. Responses are due to this RFI by 4:00 PM on November 21, 2001. See section 8.0 for further information.
2.0 DESCRIPTION
The General Services Administration, at the request of the Executive Office of the President of the United States, and the newly designated Advisor for Cyberspace Security, and in support of National Security goals established by the President, is seeking information from industry that will assist in the development and deployment of a special telecommunications network, GOVNET.
Specifically, this RFI seeks the following information:
Conceptual technical architecture alternatives
Technical feasibility alternatives assessments
Approximate cost information (i.e., order of magnitude, ballpark estimates, etc.) for alternatives
Information about spare or unused telecommunications capacities that could support GOVNET minimizing the need for special construction and associated costs and time delays
Schedule estimates
Ideas and suggestions that provide alternative approaches to designing, developing, acquiring, operating, and managing GOVNET
3.0 REQUIREMENTS
This section enumerates the high-level functional requirements for GOVNET. For purposes of responding to the RFI, requirements in the form of hypothetical locations to be served and associated traffic requirements for initial operational capability (IOC) will be made available to interested respondents at an information exchange meeting (see Section 6.0, below).
GOVNET will be a private Internet Protocol (IP) network shared by government agencies and other authorized users only. GOVNET will provide connectivity among users to a defined set (to be determined) of service delivery points.
There will be no interconnections or gateways to the Internet or other public or private networks. This applies to any network management, control, and maintenance functions for GOVNET as well. Initially, GOVNET will provide private intranet data connectivity within the contiguous 48 United States (CONUS).
GOVNET will provide commercial-grade voice communications capabilities within the network among specified users using the data network components and protocols. Voice services to be supported will include, but not be limited to, conferencing and multicast/broadcast. No connections or gateways to the PSTN or SS7 are envisioned for voice communications.
The potential for adding video communications also exists as a secondary requirement at this time. Video services to be supported will include, but not be limited to, conferencing and multicast/broadcast. As with voice requirements, there will be no communications or gateways outside of GOVNET.
GOVNET will support critical government functions and will be immune from malicious service and/or functional disruptions to which the shared public networks are vulnerable (i.e., so-called cyber attacks). In particular, it shall be impossible for malicious or intentionally disruptive activities (e.g., denial of service attacks) to be perpetrated within GOVNET from any network external to GOVNET. Similarly, it shall be impossible for malicious code (e.g., computer viruses) to penetrate GOVNET from any network external to GOVNET.
GOVNET will provide the highest levels of reliability and availability including trunk and access diversity, and rapid response times for customer outages. This RFI does not specify a particular requirement for availability or reliability. Responses to this RFI will assist in establishing this requirement. In formulating responses, each respondent should describe the reliability and availability characteristics of each alternative included in their response.
GOVNET traffic will be secure (i.e., encrypted by the network using NSA approved encryption techniques), and will be suitable for carrying classified information. For purposes of this RFI respondents should assume encryption of payload data only. No encryption of routing or addressing information is contemplated at this time.
GOVNET will be a turnkey solution offered and priced as a service to participating users. For purposes of this RFI, assume a single invoice with supporting detail presented monthly to GSA will be acceptable.
GOVNET will offer bandwidth-on-demand services at user locations and will be scalable to meet growth in overall network demand and/or peak requirements.
All GOVNET components and links must be located in the U.S. or Canada.
GOVNET shall evolve to maintain technology and service currency with state of the art commercial services to the maximum extent practical.
GOVNET will be operated on a 24/7 basis by the contractor.
GOVNET will provide initial operational capabilities (IOC) within six months from contract award. For purposes of responding to the RFI, IOC is defined as full GOVNET IP connectivity to all locations that will be made available at the public information exchange meeting. Within 12 months after award, voice and video capabilities will be available on GOVNET.
Other requirements not directly related to physical network and services isolation will be addressed at a later date. Examples of such requirements include security policies and security management requirements, required active defense measures, security of network management and control technologies, network capacities, service level agreements, and other important considerations.
The purpose of this RFI is to gather information about those requirements enumerated above. To the extent simplifying assumptions are needed, respondents are encouraged to make and document such assumptions in their responses.
4.0 POSSIBLE NETWORK SOLUTION
GOVNET must meet the functional requirements specified above. The Government is open to alternative concepts for solutions that meet these requirements. The Government encourages creativity and outside the box thinking in responses to this RFI.
One possible solution would be to build a completely dedicated network based on dedicated physical fiber pairs and full path diversity. All hardware would be dedicated, including all transmission equipment, routers, switches, multiplexing equipment, network management and control equipment, etc. In addition, all management and operational personnel would be fully dedicated to the network.
This RFI seeks information about a fully dedicated non-shared network as well as other approaches that could meet the functional requirements with additional levels of sharing of personnel, equipment, and connectivity paths. In doing so, the Government seeks to understand the tradeoffs among risks, costs (initial and ongoing) and alternative technical architectures that incorporate increasing degrees of sharing.
Accordingly, respondents are encouraged to provide information about any alternatives that can be demonstrated to be immune from the kinds of disruptions described in section 3.0, above.
5.0 SAMPLE RESPONSE OUTLINE
Following is a suggested outline and suggested page counts for a response to this RFI. This outline is intended to minimize the effort of the respondent and structure the responses for ease of analysis by the government. Nevertheless, respondents are free to develop their response as they see fit.
Section 1 - Conceptual Alternatives
Briefly describe two or more alternative architecture concepts for GOVNET, including the reliability and availability characteristics of the alternatives. Discuss the capability for the architecture to expand to meet video requirements, and to meet needs outside CONUS. (3-5 pages per alternative with one diagram per alternative identifying the brand/type of equipment that would typically be deployed)
Section 2 - Feasibility Assessment
Briefly describe the feasibility of each alternative and the design tradeoffs involved as matched against the functional requirements and risks of penetration. (1 page per alternative)
Section 3 - Cost and Schedule Estimates
Provide cost estimates for each alternative for 5 and 10-year contract terms for non-recurring and annual recurring costs using the locations provided at the public information exchange meeting(one page table). Also, discuss cost drivers, cost tradeoffs, and schedule considerations (2-3 pages)
Section 4 - Corporate Expertise
Briefly describe your company, your products and services, history, ownership, financial information, and other information you deem relevant. (no suggested page count)
In particular, please describe any projects you have been involved in that are similar in concept to what is described in this RFI, including management and operations approach, security requirements, security assurance processes, and any relevant lessons learned (1-2 pages per project).
Include any comments on the structure of the requirements for a formal RFP response.
Note - please also describe any network capacity assets that you might be willing to dedicate for deploying GOVNET. Examples of such assets might include unsold or unsubscribed capacities, so-called dark fiber routes, assets designated for liquidation or that are financially under-performing, etc.
Section 5 - Additional Materials
Please provide any other materials, suggestions, and discussion you deem appropriate.
6.0 INFORMATION EXCHANGE MEETINGS
GSA and the Special Advisor for Cyberspace Security will hold an information exchange meeting to discuss this RFI with interested potential respondents. Details about this meeting will be made available at a later date. If you wish to attend this meeting, please respond to the contact provided in section 8.0, below.
In addition, GSA will consider meeting individually with interested potential respondents. If you are interested in requesting such a meeting, please respond to the contact provided in section 8.0, below.
7.0 DISCLAIMER
This RFI is issued solely for information and planning purposes only and does not constitute a solicitation. All information received in response to this RFI that is marked Proprietary will be handled accordingly. Responses to the RFI will not be returned. In accordance with FAR 15.202(e), responses to this notice are not an offers and cannot be accepted by the Government to form a binding contract. Responders are solely responsible for all expenses associated with responding to this RFI.
8.0 CONTACT INFORMATION
Following is the Point of Contact (POC) for this RFI, including the public information exchange meeting:
Mr. John (Jack) Braun
(703) 306-6423
jack.braun@gsa.gov
Please submit responses via e-mail in Microsoft Office format by 4:00 PM on November 21, 2001, to the POC at: govnet.ts.fts@gsa.gov. You may also submit supplemental hardcopy materials such as brochures, etc. (5 copies each) to the POC.
Mooniacs for iOS and Android
Oh, but that's the devious bit. Nobody would ever suspect the Department of Agriculture. Think about it, though: Wouldn't those big silos be just perfect for hiding UFOs?
(Posting anonymously because of them.)
NASA Science Internet:
http://www.nsi.nasa.gov/
http://www-sisn.jpl.nasa.gov/ISSUE37/NSI.html
The government wants the network up and running six months after a contractor is picked
Is this the same government I'm familiar with? 6 years, maybe. Cripes, I wait in line at the DMV longer than 6 months, let alone roll out a new security infrastructure.
There is no reasonable defense against an idiot with an agenda
:wq
I don't think a public web server would be part of the GOVNET. Most likely it would be located either in a DMZ or at the least completely seperated from the GOVNET. There is no reason to connect a public web server to an intranet.
I don't know if Michael knew this and was making a joke, but the Dept. of Agriculture actually has a lot of workers there who don't technically work there- they actually work for another branch of government (security- CIA and whatnot) and they use this Dept. as something of a front. I don't know if this is still true to this day, but it used to be someone's family members didn't even know that they didn't really work for that Dept., and when they called them at their office, the phone rang to what they thought was actually the Agriculture Dept., but they were really calling a completely different building. No conspiracy theories here, just an interesting side note.
I hope they doesn't think about making parts of this GOVNET wireless, the day they do that they're hacked for sure. And anyway, I dont think it will work with such a large network without any loopholes in it (with or without the wireless feature).
;-). And finally I think the reason that the Feds can't piggy-back on the U.S. Military network is just because they will screw it up.
Think about it for a while, how many works for the government in the US today? And if just one of those are lazy/stupid/corrupt or anything else, they will have a LARGE enough loophole to be hacked to hell. And how should they check if no one lazy/stupid/corrupt worker by mistake/laziness/stupidity/intention just happens to connect his pc to the other world? And how should they do with more practical things, like there may be some chance that some of the workers would like to get emails for instance from people not on GOVNET, or maybe they must use the ordinary net in work. Should they use two physically separated pc's in their work?
Alright, I say OK to the fact that it works in the network used by the U.S. military. But thats a big difference, they have more discipline, are fewer and are more easily controlled (compared to the Department of Agriculture for instance
2 reptiles beneath your current threshold.
It's called the SIPRNET and is completly encrypted and disconnected from the internet. The problems I saw with it were that it wasn't used very much or very well, dialup encryption is only 19.2 and highspeed drops require secure rooms, secure conduit, etc. and are very costly. Also the people that run goverment agencies don't really take security seriously. For a while sure but once they realize that security adds some inconviences they are more than willing to bypass it I hope Sept 11 has changed that.
Government will have its own secure communications network and citizens will have all tools used to secure their own communications taken away.
You make it sound like it's a bad thing to put a bunch of servers on a separate 'net.
I, for one, won't miss 'em. It'll be interesting to see if that takes a noticible chunk out of the worm traffic.
--CP
ICANN, VeriSign, that whole lot? Pretty please?
Edith Keeler Must Die
'piggy backing' (as michael put it) wont work for many reasons. I'll explain one major reason:
A person's security clearance. There are multiple levels: Secret and Top Secret are the two most common for military and intelligence uses (there are other levels of classification, but I'm singling out these two for simplicity's sake). Hence, the mil and IC share TWO separated networks, a Secret and a Top Secret (both separate from each other and separate from teh Internet). People with a S clearance cannot access the TS network. But people who are TS cleared can access the S network if their job deems it necessary.
Now for to the rest of the government. Many agencies dont require a security clearance at all (ok, they do require criminal bkgd checks, but that's about it). Question to ask is do you really want uncleared people accessing a network made for classified data?
What I think is being proposed here is a third network that's an Unclassified standalone network (standalone meaning separated from the Internet). This will allow agencies like USDA or Agriculture and state/local gov'ts to be separate from the Internet so that they become more immune to attacks and viruses.
The only issue here is when these people need to access the internet for real. Currently in the military, that means a few internet workstations shared by 30-50 people and each person having a classified box at their cube. If the job deems it necessary, people can have both at their desk. The problem here is an increasing number of computers.
IIRC, DARPA (or one of their contracts) is developing something that can allow a machine access to multiple networks simultaneously, yet keep everything separate. Whenever that gets done, that'll save money on buying physical workstations.
(Note: S and TS are shorthand for Secret and Top Secret)
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
You lose a lot. First, the government is no longer supporting the public network.
The Internet MUST be made secure. We need to accomplish that, not just allow it to be insecure and then pay for a lot of separate networks. It would be great to have the government help everyone else accomplish security.
Second, having a separate network creates a sense of separateness among government employees. There is too much of that already.
Remember, a separate network means that employees no longer have access to the Internet. They can't join in with the discussion on Slashdot, for example. They can't see what people are saying. They can't do research on other ways of achieving security. They can't check their e-mail. A democracy should try to accomplish security, but not separateness.
Third, having a completely separate network is EXPENSIVE. We lose the right to spend our money on something else.
There are cheaper ways of accomplishing security.
Every time someone proposes to do something that doesn't make sense, and costs a lot of money, look for the real reason.
President Bush's father is connected with a company that wants to put a pipeline across Afghanistan: What should be the Response to Violence?
Bush's education improvements were
The point is they are unable to be 0wned because they are not on the internet. I can not see any reason why this would not be at least as secure as a normal corporate network. [And they can be damn secure]
Not Meta-modding due to apathy.
You're speaking of Intelink. If I recally correctly, everything on Intelink is classified at one level or another. Government documents (a memo to you boss) is not classfied. If you put everyone on Intelink, you're going to have to give everyone in the government security clearances (which is costs money and time) and you have to classify all your documents. Bad idea. You are effectively making all government operations classified. Again bad idea. It's blantanly obvious the government can't secure their systems (hell, they lose laptops left and right), so this is probably the only way to fence them off from hackers.
there are no stupid questions, but there are a lot of inquisitive idiots
So its ok for companies to use a private leased line network, but its not ok for the government? Civilians will never know if the .mil network is already capable of supporting this. A question to ask is, is this for military purposes or not. if it is, use .mil, if not ask why we need it, since in my opinion the gov't ought not to be doing much else with this.
Where do you want to be, What are you doing to get there.
I'll take it the way most government networks are connected now are via VPN or just plain old TCP/IP into the wild, wild, net.This is either a problem, or actually helpful the way I look at it. The infrastructure for the existing network can bounce around the net if X Router is disabled or Y backbone is cut. There is massive redudancy
By putting all government computers on one easily identifiable network, aren't you just making a bigger, easier target? Doesn't this just paint a big huge bullseye on the government network infrastructure? You would need a very, very large distributed network to achieve the levels of backup redundancy current internet routing provides.
On the other hand, segmenting the network off from the internet as a whole eliminates (most) of the electronic attacks. If you have a seperate network tightly controlled by physical security this could definietly work. For this to work I think you would need some heavily guarded data centers distributed liberally throughout the country.
Comments anyone?
Duh , they already have it its called NIPERNET and SIPERNET. :B
While I don't have a problem with this project on a philosophical standpoint like many on here claim we should, I do have some concerns:
1) It costs money and time.
*I* have to pay for this project. This isn't going to be something cheap either. We're talking billions, not millions, and it probably wouldn't be completed in a decade, not years.
2) Who will get access?
All it takes is one spy/criminal with a government job to have access to this network. Albeit there will probably be certain areas that some may not be able to access, but all it takes is one technician, who works on the network and has full access to it, for information to be compromised.
In addition, is the government saying that professors doing their research aren't going to have access to say, the Dept. of Labor's statistics? Trust me, if any group of Americans are good at giving up a stink about the government, it'd be the technocrats of the US. They won't tolerate being left out.
3) What the hell is so secret?
I've long been of the opinion that if the government has something it doesn't want the public to know, it's probably doing something the public doesn't want it to do. I'm not saying that we should demand the gov't put up a website with tax databases available for download, but the only thing I can imagine needing to be secret is private data on citizens. But then again, on that topic I have to beg the question: "What are you doing collecting private data on citizens for?"
As far as security of data for foreign issues, like "protecting America's interests", once again, I have to ask: "What interests are you protecting?"
4) Existing methods can do the job fine
I can't imagine how a separate network could be shown in a cost-benefit analysis to be more efficient. But then again, our government *isn't efficient*, so it doesn't suprise me that they'd try something like this instead.
Ironically, the government does not need to consider cost in deciding whether or not a project is worthwhile. Indeed, if they need more money, they just increase taxes or pull more out of the Social Security Multi-Level Marketing Scam. It really doesn't make sense, but that is the way our government works. We just have to accept it.
or a case of four legs good, two legs better?
Sorry I didn't include the existing method, VPN. Tunnelling through a VPN would be perfectly able to solve whatever issues they are having security-wise, and they could even design a protocol to do VPN tunnelling with a higher level of encryption than what is currently offered. It'd still cost quite a bit of money to do, but not nearly as much as laying new cable.
2001: Privacy advocates scream Big Brother up to no good and bemoan loss of civil liberties. GOVNET building commences.
2002: Microsoft proposes "GOV.NET". U.S. Government is impressed with plan to hand control of U.S. Government Information Technology Infrastrucure over to private company in return for promises that Microsoft Operating Systems on exisiting Infrastructure will function more reliably.
2003: GOVNET protocol figured out by shadowy hacker or group of hackers known as DarthBilbo and disseminated in Spam Usenet posts: 14 year old turns Department of Interior server into Gnutella node, 22 year old uses California Homeland Defense Office server to stash 100 gigs of porn and pirate music. Chinese hackers splash "F*** Poisonbox" on homepage of over 100 government servers.
2004: FARC and IRA Terrorist sympathizers, despondent at the decimation of their ranks in the past 3 years by U.S. Anti-Terror activity, launch crippling DoS attacks with Code Red, White, and Blue worm. Unpatched versions of IIS9 installed on 98% of GOVNET Servers. Entire GOVNET shut down. Worm works via social engineering exploit whereby all GOV.NET Server Admins get email saying: "Hi! How are you? I send you this file in order to have your advice. See you later. Thanks". IIS9 patch would have prevented this exploit by denying the Admins access to Server rooms by revoking the revolving monthly license for their Microsoft Passport service on their National Identification Cards. Nation awaits crippling of U.S. Infrastructure and mass confusion.
Nothing happens. An office worker in a State Department office building is quoted on the evening news as saying "Those GOVNET boxes? They never worked anyway. We just use them to play Solitaire and FreeCell. We all use our personal AOL email accounts and chat rooms to conduct important government business."
2005: President Rudolph Giuliani announces plans for GOVNET2. Based on earlier work on the RFC 1149 implementation. Privacy advocates scream Big Brother up to no good and bemoan loss of civil liberties. Building commences.
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Do you think that some high-tech honcho agent of the new secret department of really secure network security is gonna want his computer disconnected from the internet so that he has to transfer diskettes or something to use his new artificial central intelligence algorithm to scan for new threats to peace? No way. He's gonna connect those machines somehow. And then there will be a
million breaches of the executive britches before anyone knows where all the crap is going.
Better we should invest in some way to put the internet on Iridium and drop four handheld terminals per capita on every country from the Philippines to Morocco.
OK so the Gov't is going to implement a "secure NW"
OK so the Gov't already has some "secure NWs"
OK so the Gov't is "wasting" money
Why is any of this news? The US gov't does this sort of thing all the time.
The US gov't gave the Airline industry 17 BILLION dollars. This is a group of people who couldn't move all the people who wanted to be moved AND still lost money! We're feeding a country we're bombing.
I say, "Let'em have their secure network," more jobs for me!
This
I work for a federal agency on a contract basis and I have some doubts about the feasibility of doing this stuff. As an example, there are about a dozen sub agencies in this single agency and each of them implement their own firewalls. The building itself is segmented off and there is a lack of uniform networking principles. In the end it doesn't hamper security that much, but it is *very* hard to consolidate the efforts into a single network idealogy.
Why? For starters, it is a political thing. One group likes NT, another Sun and another HP. There are vested skills and talents for managing the network for each sub agency. It may not look pretty on paper, but does anyone think you can really turn that sort of establishment on its head and impose a single network policy on the whole Government, let alone one agency?
A fresh start would in some ways be nice, and the terrorism as of late may be a strong impetus to get this off the ground, but I have some doubts about how productive it will be.
-- Solaris Central - http://w
The Canadian federal government has this already, although I believe it is built on leased lines. I think its called gnet, and is provided by PWGSC. Many depts using this had 3 levels of 'net - Public (for the public), "middlenet" - special sites only accessible from within govt, and intranet, sites only accessible from within the dept.
"Beware of all enterprises that require new clothes." --Henry David Thoreau
A separate and private internet for the government is an excellent idea. Despite the fact that many Americans feel that the government should have nothing to hide from its citizens, there are often details of life that necessarily must be kept from citizens in order to keep things ... smooth. National security is a very touch subject, and conspiracy theorists may swear that GOVNet is just another weapon of the "Leviathan" government of ours to make itself stronger or better. I might agree that our government is too large and too strong in too many ways, but I think we can agree that a secure information network is a necessity.
A net like this is just an invitation to be hacked. One of the best places to hide something is in plane sight. If they make their communications look like regular internet traffic, it will be safer than otherwise (i.e. send encrypted files as jpeg, although no graphics editor could make sense of it).
BTW. When the buildings are toppling, it's the local government communication systems that need to be high capacity, secure, and reliable. This plan is like the US Postal Service plan that assures that mail deliveries can continue even after a large nuclear exchange.
This should have been done a while back. It's all well and good the Internet being so widely available, but there are also idiots out there who can abuse it *and* us.
We all get the basic idea now; wide area networking is good, terrorists are bad. If the government is on a private loop, tought shit for the bad guys.
Letting the public onto a military system to start with was a bit stupid.
this would cut down on the government employees from surfing the web instead of working. They would have to find all new ways to waste time.
Of course, no hacker or terrorist would ever be able to infiltrate a TELCO!!! Unless the government runs its own fiber and hires its own staff to control all those lines and basically be its own GSP (GovNet Service Provider), they will always be subject to AT&T, WorldNet, Sprint, Qwest, et. al. hiring lowlifes to sniff^H^H^H^H^Hmonitor all those "private" WAN lines. Even if they impose strick regulations on the service providers requiring them to hire only people with security clearances, it just seems ridiculous to say that separate from the Internet = safe. (Which is a far cry from the truth...)
apparently if you cry wolf long enough you get promoted
Apparently not, or you fucking whiny-babies would be kings of the world.
Not that making information sharing quite so easy will be good for civil liberties or anything.
-jhp
/. -- the Free Republic of technology.
All anyone has to do is tap a wire. I'm sure they're not gonna be guarding the wires.
Liberty.
I have been declaring this to friends for over a year: Microsoft and its 'operating systems' are the biggest threat to American cyber security. If the virii and worms of the past summer and the slow response of Microsoft to address bugs, holes, and macro languages wasn't a wake up call to this country, what will be? Frankly, Microsoft could be brought up for treason for their lack of foresight on security issues. Microsoft's arrogance has opened large holes to be exploited. Their greed may cost America.
You want to protect America from cyber attacks, get to one of the roots of the problem, Microsoft's operating systems, their web servers, their macro-enabled Outlook email programs, and their word processing programs. They can cry that they are the focus of attack. Well, perhaps they ought to think that way and produce more secure, more thought out products.
Get your Kicks on Route 66
Hmmm, isn't the Forest Service part of USDA and don't they have some critical missions such as fighting forest fires?
Nate
This is a great move. Essentially, they want to create a large, secure, reliable, high-bandwidth infranet. That's a huge task. It will mean huge contracts, lots of money, and many jobs for networking companies that have recently hit hard times.
Will the network actually be more secure? Maybe, maybe not. If it isn't...so what? Just the act of trying circulates money.
If any machine on govnet Also has any other connection tp the outside world, then that connection could be exploited. The only completely safe network would be an island,and therefore not of much value.
That way, when they do get hacked, it'll be easier to keep it a secret.
I consider this an utterly irresponsible attitude for the government and I hope this is not implemented. To wash your hands of it and declare the Internet insecure and not fit for government transfers leaves millions of corporations - who in America provide the national infrastructure to a far greater extent than the government - who need security and reliability online out to dry.
We need a government who is going to say the opposite, that they will spearhead crypto & security research, put pressure on Microsoft and other weak security companies, and lead the way to making the Internet as secure, redundant, and failsafe as possible. *That* would be a service to the nation. Govnet is not.
yes, separated from DARPAnet way back in the late 80s, IIRC.
HOWEVER, I have seen so MANY subcontractors working on defense contracts trying to get generic internet connections fo whatever reasonsm, while I'm sure that they have milnet access on same or directly accessible machines that its disgusting.
Then again the Clintonistas would say that we don't understand we don't really need to ensure zero tolerance of physical interconnects between genero internet and milnet to ensure security. Go figure.
--- C00l
Code red took IBM's internal network down for about a week. You don't think that this network won't go down as soon as your favorite senator and mine dials out to the internet proper so they can spank it to the scenes of nubile young goats? It'll never fly...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
...and now you're CRYING? For chrissakes!
.NET or SunONE or slashnet or whatever) Internet, the only positive thing (other than the economic comedy of the dot-bombs) that has come out of this whole 'Information Revolution.'
LOTS of people predicted this would happen. Microsoft is hoping it will happen. In the mid-90s, the computer industry lobbied Congress to mandate the military use Commercial, Off the Shelf (COTS) software, hardware and network services. The G waited 2 YEARS for industry to get its act together, without success, and then the military opted to secure its classified traffic on the SIPRNET, a separate protocol, tunneled over the Internet and co-existing with it. SIPRNET is provisioned over leased lines, sold as "Bulk Black" by the backbone and MAN providers, who took over the Internet from the G's NSF.
Internet2 is not ready for prime time and is primarily an academic network, without the proper availability for the government networks. GOVNET can be provisioned as MILNET and SIPRNET is, saving the governmemnt money and protecting the information infrastructure.
Industry, the geeks and academia have failed to properly secure the Internet out of greed and mistrust of their own government, necessitating this move.
Meanwhile, by statute, the USG must make information public over a neutral (read not
Remember guys, this is Amerika. Just because you have the most votes, doesn't mean you get to win.--Fox Mulder
And on a related story, they plan to add a new Top Level Domain just for the GOVNET. Although there is no offical word, sources claim the new TLD will be ".FU".
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
...because Bob Pittman, a member of AOL's board of directors, was the CEO of Century 21 at the time. They may also have gotten a good deal, but that's probably not what got AOL's foot in the door.
Agriculture tracks vetenary anthrax.
CDC tracks anthrax.
FBI tracks crimials and terrorist.
FAA tracks planes, stray and otherwise.
Packet switching networks outperformed plain old telephone service (POTS) on Sept. 11, 2001.
Please pick which department or system you would do without in a crisis...
"I am Locutus of Borg, Resistance is futile, You will be assimilated..."
That's like saying there's a wire that's not bendable.
... give us all a chance).
Okay, let's figure this thing out. Government wants to separate themselves completely from the WWW. This means that they need to lay their own network of wires.
Let's figure out this deductively:
Step #1: Wireless: If they are dumb enough to use satellite communication for networking, all it would take is someone to go driving along in their van with a good enough receiver who knows where a receiver would be along the network, park their van close by, and tap into the mainframe with a large enough receiver. Honestly, there's no way you can completely guard an entire "wireless airspace." If they use hard cable...
Step #2: Cable: My assumption would be that they'd lay cable instead. Alright, no problem. Play the game by the network's rules (just like phreakers did back in the 70s and 80s)...find a line and tap into it. Again, all it would take is for someone to figure out that one of those cables is the GOVNET cable (or someone obtain a map of the GOVNET network...even if it's classified, I'm sure one would leak out eventually). Even if it's out in the middle of the Utah desert, all someone would need is a shack and an electric pole running nearby the cable and he could easily break into the data stream.
Of course, I'm sure that GOVNET would also be using some style of encryption (hopefully...I want to assume that they would hire technicians that are THAT ignorant, but they do pay $1000 for a toilet seat, so who knows what bozos they'll hire). But even so, the point is that once you have some way of tapping into the line itself, you could broadcast it however you like to the surrounding region with a wireless tranceiver (heck, go for 802.11b
I probably don't have all my wireless networking tools correct, but the point I'm trying to make still stands out: any network can be physically broken into, since it cannot all be guarded throughout the US. And after it's physically compromised, it's just a matter of time before we see Bush on GOVNET VidConference Viewer v1.0!
"We're not building new highways so we can move tanks and troops from one place to another..."
No, the appropriate metaphor is that you're building new highways for all government employees to drive on. And you think that will deal with road rage, traffic accidents, congestion, kids driving dirtbikes down the shoulder, and folks dropping rocks from bridges.
SIPRNet, or Secret IP Routed Network, I assume is what the poster is referring to. It's basically an IP network for classified information, and supposedly sealed off from the rest of the Internet. There are some heavily firewalled gateways to the Internet, but this hasn't prevented it from being hit from a lot of the VB script email viruses. It seems like a network that's completely seperate from the Internet would probably be a pretty good idea.
Sheepdot: Open Source good, Closed Source baaaaaaad!
there is a government owned and controlled network that is completely isolate from the 'internet'. if you were ever in the military you know what i'm talking about
It makes sense to create an Intranet. The UK Government already has such a setup, it is called GSI (Government Secure Intranet). Just makes you wonder why they haven't agreed to outlaw spam yet - any idea what will happen to the effectiveness if they get flooded with junk?
Insert
In the US Air Force, they refer to the internet as NIPRNET (Non-secure IP Router Network). Only unclassified info is sent across it, and sensitive unclassified or privacy act info is restricted to
The other network is called SIPRNET (Secret IP Router Network). On military installations its conduit is encased in concrete, junction boxes are alarmed, & cable drops are only in secure areas. Off the installations it's encrypted. I imagine the encryption is pretty strong since NSA designs the algorithms.
For more info check out these AF regulations:
AFI 33-202: Computer Security
AFMAN 33-221: Computer Security: Protected Distribution Systems (PDS)
Yeah, and between the installations they'll just post guards over ever few feet of cable...
This ``new'' network already exists. The military already has NIPRNET which is encrypted but relies on public internet channels, SIPRNET which is for classified data and is on entirely different hardware, and JWICS which is on another bunch of hardware still for top secret data.
I'm amazed by how many people would frown on all of this. Shouldn't the government have a means of distributing data electronically without having to worry about attacks? Personally, I suport this, but I question the timing of the article.
The state is the great fiction by which everyone tries to live at the expense of everybody else. ~F. Bastiat
Well here in Oz there are National guidelines for the viewing of online adult content by government staff. This was worked up for National web archiving projects where someone had to makea call on "adult" content. I believe it stipulates things like "Only one staff memeber to view the material and no more than two staff members standing around the screen".
Xix.
"Everything is adjustable, provided you have the right tools"
What's the bets Microsoft are contracted for the new network's systems, swallowing millions of taxpayer dollars, and probably running the whole thing on MSTCP or NetBEUI... - and, in the normal microsoft fashion leaving the entire thing wide open to their friends the scientologists...
Choice of masters is not freedom.
The network (called SIPRANET) is for classified material only (as far as I've seen it used). The department of agriculture and the like have no "need" (opearative term for getting access to classified space) to be on that network, so they are not. It also takes a WHOLE LOT of sponsorship and time (at least a year) to go through the process of getting access, not to mention how secure the connected rooms (not buildings, but rooms) have to be.
Also it's well known that gov't computer security is fairly pathetic, this would be a nice first step towards remedying that problem. Just have seperate networks with an airgap between this network and the internet, and the gov't would be shielded from any number of plausible attacks.
After all, if you show me a Network Admin who can't hack a .gov/.mil site, I'l show you an incompetant Network Admin.
And old school connection for all the "leet" people.
Outdoor digital photography, mostly in New Engl
"All GOVNET components and links must be located in the U.S. or Canada."
Is Canada part of our Government now?
... the US government has started work on a
redundant highway infrastructure, to avoid
the "risk" of "terrorist" traffic jams.
Wouldn't it be "cyber Perl Harbor" after all some of the 1337357 sploitz have been implemented in Perl.
AC's cheerfully ignored
The US Government has decided it needs a privat network, well most corporations have one so they really need one, too. Besides Lucent, Sun, Cisco ... got hurt by the .com crash so lets bail them out like the airlines.
Man am I greatfull I don't have to pay for this. By the way isn't the US a free market economy? So why is your government handing out subsedies?
--Ulrich
On no accounts allow a Vogon to read poetry at you
The DoA wants to DESTROY wheat, because they've decided that there's too much of it! All the poor farmers are going out of business, so the government has decided to step in and pay them to burn bushels of wheat, or sit on their asses and do nothing at all. That way, the supply is restricted, the price of food goes up, and all the farmers are happy. Poor people the world over thought, get screwed because food is now more expensive than it would be otherwise.
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
The governments computer networks have grown much like the Internet, without any central control or configuration management. This makes them as difficult to secure as the Internet itself. While the government does have data that it doesn't want the general public to see, it also has a lot of data that needs to have protected integrity. The National Agricultural Statistics Service (Part of USDA) for example compiles data on crop prices, etc. that if altered could have a severe economic impact (See the movie Trading Places). Keeping the information private is not their concern, ensuring that it is accurate is. But they, like other agencies have seen explosive growth in network population without a corresponding growth in Information Security. Privatizing their network and having controlled internet access points would allow them the time to catch up. As far as utilizing VPN technology, the government already does. But, as anyone who has put this in place will tell you, it comes at a price. Beyond the dollars involved, users must be trained in proper operation, technical staff needs to be proficient in its use and bandwidth needs to be increased to handle the larger (encrypted) data stream. And VPN's are not foolproof nor are they immune from exploitation (split tunneling ala Microsoft). Finally, as to the cost involved - Preventing security problems is always less expensive than cleaning them up.
Elected officials may come and go, but bureaucrats are forever.
I work in government and can tell you that any idea will get pushed though, if the one person behind it is motivated enough.
"The most sensible request of government we make is not, "Do something!" But "Quit it!"
DARPA didn't create the Internet, they created Arpanet. Arpanet took redundancy seriously, had central mandation of standards, and clueful admins.
The Internet (as of today) is almost entirely commercial. It's a matter of shipping cheap pr0n around at minimum cost, and that means a very small number of big fat backbones. Standards were washed away in the spew from Redmond. Nearly all the servers live in the same handful of concrete holes in the ground, and any child with a backhoe can take the lot out (and does so, on a fairly regular basis). No one has a clue, no-one cares, and it's always September. So what ? It's cheap, and eventually the Spam and IRC gets through.
Last week my ISP flamed me after a complaint that I couldn't get my mail -- because their outbound links in NY were at fault. And this is my problem ? I'm in Bristol, UK, and they're in London!)
If the government wants another intranet, and they want to spend the extra bucks to keep it working, then let them at it.
And of course, if Bush really wants to fire up a "Dot.com New Deal" and fend off a recession, then buying an intranet free of Nimda is better than spending the same money on NMD
hope that they understand that a large-scale network like this isn't going to solve all of their problems. They'll still have to maintain heavy security on all of their sites, regardless of how much more secure this network is.
Sounds like much more trouble. If they build their own private wires, the terrorists will know exactly what to break and listen to. I can see it now, "Ah yes, as prommised there it is, the red wire! Cut it quickly for there is no reason for the animal to suffer.", and the Bat Phone dies.
Friends don't help friends install M$ junk.
Funniest quote recently is Ted Kennedy... however it could be ANY politician, but the recent (20 years) pattern is that while it is a good chance that any politician is crooked like this, you can BET THE FARM that a Democrat will do this. Now the quote, "Now is the time for us to give. Now is the time for us to come together and make this country strong."
Ummmm, lets see... who is this 'WE'? I don't see your ass paying taxes. In fact, you don't even pay into that joke known as Social Security, you instead have your own elitist and seperate retirement program just for the elite. So, please explain who this 'we' is. Gee, thanks for being so generous with MY money. How about you say, "Now is the time for voluntary giving" BTW, he was indeed refering to government [taxpayer] spending. The other thing that is funny and ironic, is the part about making the country strong. Uhhh, you sir are a dumbass! YOU and your comrades are exactly the CAUSE of the weaknesses of this great nation. YOU and your comrades are the ones that pass the army of arbitrary laws and policies that you yourselves refuse to abide by. YOU and your comrades are the ones that destroyed the rule of law when a president [it doesn't F'ing matter about the sex, OR what his political affiliations where/are] that commited purgery, abuse of power, and obstruction of justice among others got off and was then labled a 'defender' of the constitution. How DO you defend something by stomping it into the ground and defiling it. Perhaps if YOU and your comrades put the country first and politics and party 'loyalty' last then we would not be 'weak'.
Anonymous Kev
Proudly posting as AC since 1997
More standards equals more jobs for high tech employees. Cisco gets to make more routers. Lucent gets to make more network cards. More sysadmin jobs, etc. etc.. This is wonderful... Defintely, let them have a network!
I hope that the joe at the MacDonald's counter is happy subsidizing my career choice with his income tax.
Waltz, nymph, for quick jigs vex Bud.
Tempest. Guess it's for real, do some looking on Google and you can probably find rough plans with directions to build it out of parts from RadioShack. No, seriously.
...the most obvious impact is that it will keep those highly overcompensated government employees from browsing the web during their work.
Cisco routers I'm happy.
is to unplug and bury your system in your back yard and loose the dogs.
Methinks the real solution is to secure what we have instead of avoiding the subject by building a new sandbox that no one is allowed in.
I think you underestimate just how much I just dont care.
Wasn't the Internet originally designed as a survivable network? I remember some guy named Rick Adams at the Defense Advanced Research Products Agency seeing the advantage of such a net some time ago.
Does no one have any historical view on this at all? The government creates a survivable network precisely to prevent its destruction by making it redundant to a large degree. Can't other threats be anticipated and handled? Or is the U.S. so devoid of thoughtful people that no effort can be expended on trying?
slashdot: A failed experiment.
Arabs play video games too moron. I went to Indiana University and there were 40 kids from United Arab Emirates there taking an English program in my dorm who did nothing but play pirated Playstation games 24 hours a day.
Uh, you answered your own question. You want agencies as critical as the DoA piggy-backing on the DoD's secure net?
Maybe that is an appropriate action given that people in the military lose some civil rights when they enlist (whether they should or not is an issue I won't raise right now), and it might be necessary to prevent disclosure of some military secrets, but if you're going that route, be honest and say so instead of trying to hide what you're doing; otherwise those who know how these things work will point out two things: first, if you're supposed to know technology as part of your job, you're incompetent, and second, that you're lying. I think either the Web at that time was of minor importance or hadn't been invented or people would have realized how ridiculous the idea was.
I said then that I thought the idea was stupid and it's even stupider now. The whole point of having access to the Internet is to provide significant resources to people for their use as it relates to what they are doing (or in this case, whatever they are working on.)
For some reason this reminds me of the blocking systems imposed by the Church of Scientology to keep their members from reading anti-church material on-line. I don't know why, but for some reason I have this suspicion that the real purpose is more to keep those on the private network away from us and our thoughts rather than to supposedly protect government networks from disruption.
Paul Robinson < postmaster@paul.washington.dc.us>
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.