Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bush Wants an Unhackable Private Network

Posted by ryuzaki0 on from the and-i-want-a-cute-smart-girl dept.

Slur points out an article at the New York Times which says that the "Bush administration is considering the creation of a secure new government communications network separate from the Internet that would be less vulnerable to attack and efforts to disrupt critical federal activities," writing "It seems to me money would be better spent getting the next-generation Internet going, for the government to fund more of the existing research and standards boards to create protocols that are invulnerable to the kinds of attacks the government seems to fear, namely massive DOS attacks. Or is there something else a 'net terrorist' could do to 'disrupt the vital flow of information'?" Isn't hard-to-disrupt communication the reason that DARPA got involved in this "Internet" business anyhow? Update: 11/19 22:48 GMT by T : This was mentioned before a little while ago when USA Today wrote about the same concept, but apparently a Digital Pearl Harbor is still being flogged.

11 of 365 comments (clear)

  1. Sign Says "Hack Here" by Anonymous Coward · · Score: 4, Interesting

    Wouldn't creating a wholly separate network for restricted traffic be a bit counterproductive?

    I mean and spy/hacker who found a physical location to hack into it (i.e. tapping into a line on a phone pole or at a phone company switch) would find *everything* on that network to be of interest. In essence they would have hit the jackpot for illicit information. We're kind enough to organise it away for them.

    True it would probably prevent 15 year old script kiddies from casually hacking in at home, but it would make any break into that 'other' network all the more catostrophic prospect.

    1. Re:Sign Says "Hack Here" by sokoban · · Score: 2, Interesting

      These aren't like networks you have probably ever seen though. The current government "secure networks" aren't VPN's or anything. They run on their own lines between very secure (heavily guarded, extremely redundant security) data centers (ie. DMS has 2 in europe, 2 in the pacific, and like 10 in the USA). The traffic between data centers is encrypted with proprietary DoD software. From data centers to the end user, data is encrypted (once again, with proprietary software) and is read using an off the shelf e-mail client. So, for your lucky spy/hacker to really hack the network, he/she would have to hack either the Encryption for which he or she will never be able to find the algorithm, or just hack the computer of one user. Even then though, the hacker would only have one side of the communications and most of it would probably be of little interest as the DoD uses a 7-12x random overwriting scheme to destroy sensitive computer data. Intercepting transmissions between the user and the data center might be interesting, but still this is a Departement of Defense Computer. I think they keep pretty thorough logs and any exploit would be quickly terminated.

      --
      09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 is the magic number.
  2. Mae West/East by lrc · · Score: 3, Interesting

    I've been wondering just how susceptible Mae West and it's ilk are to terrorist attacks.

    It seems to me that it wouldn't take a whole lot of bang to bring the internet to it's knees.

    Funny how it was originally designed to be immune to this sort of stuff.

    1. Re:Mae West/East by Arandir · · Score: 4, Interesting

      If it were just Mae West going down we could manage. That's how the internet was designed. We'll have some inconveniences and crap, but the internet will still operate just fine.

      The problem are all of the servers that are colocated there. Stupid stupid stupid.

      --
      A Government Is a Body of People, Usually Notably Ungoverned
  3. Re:answer Re:question by man_ls · · Score: 5, Interesting

    According to The American Institute of Physics in their Physical Review Letters journal article "Resilience of the Internet to random breakdowns" (19 Oct 2000) [a copy of this article is available in .pdf from my personal web page on the left side bar for your reading pleasure.] stated that the Internet could lose 99% of its nodes, and still maintain routability. The content lost in those 99% of nodes is another matter, but the Internet would not segment until over 99% of the routing nodes were removed. That's pretty impressive.

  4. Re:GOVNET analysis from Bruce Schneier by Philbert+Desenex · · Score: 5, Interesting

    the government already has several separate, secure internets, for various purposes, and they were still infected by Melissa and LoveLetter

    Now that's something we didn't see on C|Net.

    I worked in the aerospace industry from '86 to '92. Every big defence contractor had one or more classified IP networks. Unfortunately, the security measures imposed were sort of stupid: the ethernet cables of the classified net had to be at least so many feet from a phone line (they were worried that induced voltages from ethernet would allow someone on the phone to "tap" the classified net), keyboards attached to computers attached to the classified net couldn't be traded out to unclassified areas, and had to be elaborately destroyed when they broke. At the same time, you could walk through checkpoints with pockets full of floppies.

    It was as if a Korean War Drill Instructor dreamed up ways to actually impede using the classified network, but at the same time allow (possibly) classified information in and out of the building.

  5. I think the net is probably more secure by fortinbras47 · · Score: 2, Interesting

    My initial impression is that the net would be less prone to complete shutdown than other infastructure. The net still is sort of a wild wild west, and everybody from skript kiddies to hackers are continually trying to break in and DOS various different sections of the Internet. It's hard to imagine how any group (unless it was some massive government funded operation) could be more disruptive than what currently takes place. Radical islamic fundamentalists dont' seem THAT tech savvy.

    Airports thought about security a bit, but really serious measures generally weren't taken. However, security has been one of THE TOP issues for the Internet for a long time. Kerberos, ssh, bastille linux etc... there are a lot of tools out there to lock systems and networks down.

    That said the government is probably getting hacked all the time now. Really critical systems probably should physically seperated from the net. One aspect of security that is the most difficult is human error. Sure a system can provide ssh and kerberized login, but if people use the same password for their yahoo games account, all the encryption in the world doesn't appear to do a lot of good.

    Just some random musings.

  6. Reinventing the wheel by catseye_95051 · · Score: 3, Interesting

    We alreayd have such a network. Its called milnet and is used by the US millitary who funded the original inetrnet research.

    As soon as the internet was working they built their own, secure network, and got the hell off of the publicly acessible one.

    Maybe Colin won't let Georgie play with his toys, so Georgie wants his own....

  7. I thought the government already had this? by HanzoSan · · Score: 2, Interesting



    Whats Bush Talking about? The government has had independent secure private internets since before we even had the internet.

    Why are they telling us what they are building unless its going to be a public government internet.

    I mean really, if something is private and secure, the last thing to do is tell the world about it.

    When the government wants to keep secrets they can, and they do so by not telling us anything about it,

    Perhaps bush wants an internet seperate of the private government internets already in place so he can email his friends in various other countries on any computer (not just the secure private ones) without worrying about people reading his msgs.

    --
    If you use Linux, please help development of Autopac
  8. Secure Systems? Trusted Systems? by Samuel+Nitzberg · · Score: 2, Interesting

    Some basic things can be done to make "secure" or "segregated," or other types of somewhat-more-protected-than-usual environments.

    Unfortunately, I think that there are also some very real problems. Some very old military systems (e.g.) SAGE - were secure. The customer (Government) could own and have all code reviewed. All end points were well controlled. The number of nodes and links, etc... were limited. The system was also special, and dedicated - purpose.

    There are limits as to how secure any system will be if it will be built on off-the-shelf components, software and hardware components that the gov't can't fully inspect, networking protocols that are not provably secure, and the inevitable ... using currently available products to implement solutions, rather than building that which might be necessary.

    Sam Nitzberg
    sam@iamsam.com
    http://www.iamsam.com

  9. Damn it by dimator · · Score: 3, Interesting

    I love it how the /. editors always have an excuse as to why they post dupes. Either it's witty, or dodgy, or it's "this is important enough to read twice." Please.

    Is it THAT IMPOSSIBLY HARD to use your OWN search tool before posting dupes?

    --
    python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"