Bush Wants an Unhackable Private Network
Slur points out an article at the New York Times which says that the "Bush administration is considering the creation of a secure new government communications network separate from the Internet that would be less vulnerable to attack and efforts to disrupt critical federal activities," writing "It seems to me money would be better spent getting the next-generation Internet going, for the government to fund more of the existing research and standards boards to create protocols that are invulnerable to the kinds of attacks the government seems to fear, namely massive DOS attacks. Or is there something else a 'net terrorist' could do to 'disrupt the vital flow of information'?" Isn't hard-to-disrupt communication the reason that DARPA got involved in this "Internet" business anyhow? Update: 11/19 22:48 GMT by T : This was mentioned before a little while ago when USA Today wrote about the same concept, but apparently a Digital Pearl Harbor is still being flogged.
Bruce Schneier has an informative story about this in the November 15 CRYPTO-GRAM, including some of the pros and cons. Basically, he says it would be better than what they have now, but still not all that great (he points out that the government already has several separate, secure internets, for various purposes, and they were still infected by Melissa and LoveLetter). And that this is one of the few cases where security and convenience might really be inversely proportional.
-- Some things are to be believed, though not susceptible to rational proof.
:Isn't hard-to-disrupt communication the reason that DARPA got involved in this "Internet" business anyhow?
Yup
Wasn't this covered back in Sept?
Bush may not know it, but these already exist in the form of SIPRNET, and INTELNET.
SIPRNET
SECRET INTERNET PROTOCOL ROUTER NETWORK
SIPRNET will replace the DSNET-1 during the migration to DISN. It operates at the SECRET Collateral level and can interface with the TROJAN network. It provides higher and selectable data rates at a much lower O&M recurring cost. Inter-site data rates are 512 Kbps and in some cases T-1. Users can connect to the network at selectable data rates that meet the need.
INTELNET
NAVAL INTELLIGENCE COMMUNICATIONS SYSTEM
The NICS is designed to consolidate Naval Intelligence communications systems. The system has three parts. INTELCAST plan calls for each FOCIC or Facility to consolidate up to 12 different message traffic circuits, including OPINTEL, MUSIC, FIST, and DODIIS through INTELDATA extended in an SCI LAN Extension and Stand Alone capability configuration. The SCI LAN encompasses a full suite of SOCRATES equipment, including workstations, secondary imagery dissemination systems, and a mapping and graphics capability. The Stand Alone capability provides a workstation with tailored data bases specific to unit operational orientation. Stand Alone capabilities are being provided to Guard and Reserve units as well as to certain active, lower-echelon units.
NIPRNET
UNIFORM INTERNET PROTOCOL ROUTER NETWORK
The NIPRNET is the consolidation of several service/agencies networks (AFNET, NAVNET, MILNET) with common protocols and standards. It is a product of the DISN near Term Program, which sought a reduction in cost of operation through interoperability and standardization. Connectivity over high-speed trunking is supported by the NIPRNET. It operates at the unclassified level, while the SIPRNET supports classified networks in a similar manner.
It seems to me this would evolve just the way the Internet did before; it would at first be used just by government agencies, next given to the large defense contractors, eventually adopted by the research universities, and then swallowed whole by Joe Public. This, IMHO, is the best way to get the next-gen Internet.
And I want Bambi's father to come back, but it ain't gonna happen. Sorry to disappoint you with this Real World stuff, Dubyuh, but there's no such thing....
DO NOT LEAVE IT IS NOT REAL
Wouldn't creating a wholly separate network for restricted traffic be a bit counterproductive?
I mean any spy/hacker who found a physical location to hack into it (i.e. tapping into a line on a phone pole or at a phone company switch) would find *everything* on that network to be of interest. In essence they would have hit the jackpot for illicit information. We're kind enough to organise it away for them.
True it would probably prevent 15 year old script kiddies from casually hacking in at home, but it would make any break into that 'other' network all the more catastrophic a prospect.
The problem is that much of the 'vital information' in today's society flows over the public internet - by definition. Sure, take military command and control comms out of band - that makes perfect sense anyway, which is probably why there are several separate, highly secure military and governmental IP internetworks that are supposed to be completely separate from the public Net. (Although, as Bruce Schneier points out in the latest Cryptogram, ILoveYou made it onto the 'secure' network within 48 hours...)
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
What he's asking for is like asking for poison-free food. Sure, the ovens can be locked and the food can be tested over and over, but the cook is still there.
The only conceivable way to do this is to either:
a) Eliminate Government Data Access to All But the Highest Officials (which still poses the same problem, in theory) or
b) Eliminate the network altogether.
Bush is asking for something that isn't possible because social engineering and the "inside job" is the oldest way to hack any system of anything. Hacking didn't start with computers, bank vaults, locks, jewelry stashes... they were all done in the past with inside work.
It's impossible because of human error and human presence.
I've been wondering just how susceptible Mae West and its ilk are to terrorist attacks.
It seems to me that it wouldn't take a whole lot of bang to bring the internet to its knees.
Funny how it was originally designed to be immune to this sort of stuff.
Perhaps in the spirit of bipartisan cooperation, he could contract Al Gore to invent one?
Bush administration is considering the creation of a secure new government communications network separate from the Internet that would be less vulnerable to attack and efforts to disrupt critical federal activities.
That's funny, I've always wanted the creation of an insecure anonymous non-government communications network separate (or on top of) the Internet that would be less vulnerable to efforts to regulate non-critical non-federal activities.
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
None of the major backbones are willing to provide IPv6 connections. The U.S. Government contracts out almost all of its long-haul communication requirements. They used to get AT&T to build underground bunkers for them, but now they get nothing. Why not start by requiring IPv6 in all government RFPs/RFQs for long-haul comm? That should provide an instant market to kick-start IPv6, complete with all the security features that have already been designed.
I'd be really interested to know how Mr. Clarke et al are going to come up with believable cost figures for this unhackable network, particularly as what makes a network hackable is NOT so much the routers, bandwidth, etc. as the due diligence done by the managers, which is an ongoing expense. (The exception might be for a physically secure signalling infrastructure... anyone know how to keep a physical network from being blown up or jammed?) But I just don't see how this would hold up in the long run... bad security inevitably drives out good if human operators (and usability drivers) have anything to do with its maintenance. Perhaps the money would indeed be better spent deploying IPv6 on a large scale, which is probably the only way we will see it replace IPv4. Since this network will ultimately subsume the existing Internet or be subsumed by it, it seems best to keep this end in mind.
#!
It might be a better idea to support research into strong encryption, good protocols, etc. Maybe. But this is a pretty good idea. Think of all the boneheaded things they could have done instead: outlawed tools that could potentially break encryption. Outlawed computers that don't pass a "security audit" which required that all security-related source code be closed (effectively killing off Linux). Or worse still, done nothing and left sensitive government data floating around on the Internet, weakly encrypted.
This isn't a half-bad idea. A private network is still of course vulnerable, but it's like putting a fence around your property. People might still end up on your property, but they'd have a lot harder time explaining why they're there, rather than just "uh, I just got lost".
Um, nope.
While some work had been done on using packet-switching to improve communication reliability after a nuclear attack, that work was purely theoretical and not directly tied to the origin of the ARPAnet. The ARPAnet was explicitly created to allow computer researchers to share files and resources, reducing unnecessary duplication of effort and resources. The nuclear war myth might be better copy, but it's just a myth.
Check out Where Wizards Stay Up Late for the real story.
The Mongrel Dogs Who Teach
But then again, it will result in some interesting technological developments, so I can think of things that could be worse wastes of taxes.
Yeah. Too bad that any interesting technology would probably not be released to the public domain in the name (rather, under the guise) of national security. We can wave the FIA (Freedom of Information Act) in their face, but "our" government seems to have no problem overturning other legislation under the guise of national security; I doubt this will be any different.
--
#nohup cat
If the current telco and internet infrastructure is any example, their efforts will do no good. A dozen terrorists with rented (or commandeered) backhoes in select locations could cause massive disruptions in the Internet (and therefore the economy). Miss Utility could even be an unwitting accomplice.
Don't even start with "physical diversity blah blah blah". The fact that your physically diverse circuits aren't has been proven time and again by the mighty backhoe/flaming hazmat car/junior achiever.
Of course some improvements to BGP wouldn't hurt either.
Yes. And the internet itself is hard-to-disrupt.
However, a single server can be the target of an attack, and this is what they want to secure against now. The idea of the internet was to be able to communicate even if lots of nodes failed (i.e. got physically destroyed). The idea was not to secure every single node against destruction. Also note that the internet was designed with physical rather than digital attacks in mind.
The government certainly does have a point here, but I think you can reach security for each individual node only by securing those nodes, not by simply separating them. How will they make sure that, for example, no email can get in from the internet? Have two computers at each user's desk?
Sig (appended to the end of comments I post, 54 chars)
AFAIK AUTODIN is still where the "serious business" happens.
AUTODIN is an ancient, circuit switched network. It's a real bear to operate (I spent four years operating it) but it is genuinely secure. AFAIK the whole "packet switched so it can't be decapitated" thing that the ARPANET was supposed to solve was supposed to be an answer to AUTODIN.
I hope they get something going so they can retire AUTODIN.
-Peter
The hosts on it are also important. Now most people don't want to use overly secure systems (B2 level can become quite painful, but is actually required to prevent users from executing arbitrary code received over the network), so host security will remain low. Even if you separate the network from the other internets, one security breach can still have devastating results. And since people tend to keep modems in their drawer in order to log in from home, security breaches are going to happen.
All it takes is one idiot to install PCAnywhere and throw a dialup modem on their office computer so they can work from home. Or someone who dials out to the net from their office computer and runs something like Go to my PC.
Somehow this whole discussion would be a lot funnier if it was Al Gore saying that he wanted his own private internet.
Given their cozy relationship they'll probably want to use Microsoft's latest server which is the only one proven unhackable.
George Bush will never forgive the internet for allowing itself to be invented by Al Gore.
So he is going to redo the whole thing and invent the BushNet, a secure unhackable network based on the ingenious idea of running the following script on all government machines:
-- look, cheese ahoy!
Or is there something else a 'net terrorist' could do to 'disrupt the vital flow of information'?"
I thought this was the government's job, not the terrorist's job.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
My initial impression is that the net would be less prone to complete shutdown than other infrastructure. The net still is sort of a wild wild west, and everybody from skript kiddies to hackers are continually trying to break in and DOS various different sections of the Internet. It's hard to imagine how any group (unless it was some massive government funded operation) could be more disruptive than what currently takes place. Radical Islamic fundamentalists don't seem THAT tech savvy.
Airports thought about security a bit, but really serious measures generally weren't taken. However, security has been one of THE TOP issues for the Internet for a long time. Kerberos, ssh, bastille linux etc... there are a lot of tools out there to lock systems and networks down.
That said the government is probably getting hacked all the time now. Really critical systems probably should be physically separated from the net. One aspect of security that is the most difficult is human error. Sure a system can provide ssh and kerberized login, but if people use the same password for their yahoo games account, all the encryption in the world doesn't appear to do a lot of good.
Just some random musings.
The notion of a secure private network for the government seems like a decent idea. To think that through such a private network we can avoid some sort of internet Pearl Harbor is absurd. Why? Real simple: was the world trade center a government building?
Why would any terrorist waste their time and resources trying to take down the FBI when it could go after banks, airports, power grids, and a whole host of other things that are on the public Internet? All of those things are far more visible and have a far more significant immediate impact on the lives of US citizens. Remember, terrorism isn't about taking out strategic assets, but creating a sense of fear in the every day lives of normal unassuming people.
Now, one might say that the answer to this quandary is to put corporations on that network. Of course then you are expanding the base of users and increasing the likelihood that a few terrorists (or those easily bribed or fooled by them) will be able to breach that network. I suspect that even putting large swaths of the government on that network already risks that compromise within the government itself but that just amplifies it.
Why don't we take that money and put it into developing policies and technologies that will make the current networks more secure? I know that this doesn't look as impressive to the public, but in the long run it will probably do more to prevent an Internet Perl Harbor.
This sig has been temporarily disconnected or is no longer in service
Building a private network isn't a big deal. I think the government could build an encrypted WAN without much effort. I think the biggest challenge to security is going to be on the physical front... meaning that every piece of network equipment must be in a secure location. This includes every router and bridge in every network shack along the WAN lines. Wouldn't want any 1337 hax0r5 to come along with a patch cable and bring down the government network. Since guarding every inch of wire is impossible, point to point connections must be made with fiber line so it can't be tapped like copper.
None of this even begins to consider the physical local machine security... government workers shouldn't be allowed to bring any media from home, no incoming modem lines, etc.
Lots to think about. If GB wants to cut me a check, I'll begin the engineering work tomorrow.
Skiers and Riders -- http://www.snowjournal.com
Turning to other news tonight, new reports on the status of Unhack-a-Net, originally proposed by former President Bush, indicate the test servers were actually transmitting gps information to would-be hackers, indicating their course and heading.
And in an ironic turn of events, an undisclosed number of people were arrested in nationwide raids following the most recent round of Unhack-a-Net testing, on charges of using illegal circumvention devices. Officials close to the case described the devices as 'Garmin eTrexes.' The official hinted at prosecution under the SSCA (Super-Secret Copyright Act), the details of which are still classified.
One detainee was overheard saying, "But...we're beta testers! You know, Unhack-a-Net!"
SSCA was signed into law in 2003, following the terrorist threats to the music and film industry. Those attacks came in the form of the thirteen-year-old son of a record company executive, who crashed his father's Windows 2000 computer one night. Under the terms of the MASTA (Microsoft Antihacking, Security, and Terror Act), the child was sentenced to a prison term, but President Ashcroft felt greater protection was needed for America's vital interests.
every good
Doesn't MILnet do this already? Isn't this why when the DoD gave up control of ARPAnet, they forked and created MILnet to retain a secure channel?
Bush needs to lay off the MSN. The U.S. government is already waaaaaaaaaay ahead on this one.
Well, since the intent is to physically separate this network from other networks, it would indeed not be "hackable" by the common definition of the term. The only way to penetrate it would be to breach the physical security (i.e. break into a building and tap a cable), which is more "breaking and entering" than "hacking."
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
That is pretty witty.... Good point. However, I think that there is something to be said for the idea of a relatively separate network. However, unfortunately, this could actually be a BIG blow to MS. Here is the problem: Security.
Now, I am not talking about vulnerabilities like those exploited by Code Red. I am talking about internal security and differing levels of security classifications that would make implementing such a network on NT or Windows 2000 based infrastructures a really daunting task.
Enter SELinux. SELinux uses a concept of MAC (Mandatory Access Control) rather than DAC (Discretionary Access Control) which allows one to actually enforce security access and localize the effects of security incidents. With SELinux, if I send you a file, you may not be able to access it if you don't have the relevant security classification and, if it is really secret, the mailer may not be able to read the file and hence I may not be able to send it at all!
To do this sort of thing with Windows 2000 or NT would require a large number of servers, and each server would have to have documents only of one security classification on them. Each of these servers would have to be carefully evaluated as to their suitability for their jobs but with MAC in SELinux, these can be combined onto a single system.
LedgerSMB: Open source Accounting/ERP
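The MAC-versus-DAC point in the comment above, as a simplified model added here (not part of the original post, and not SELinux policy or code). The subjects, the file and the four-level label lattice are constructed for illustration; the MAC rule shown is the classic multilevel "no read up" check, applied to sender, mailer and recipient in turn.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """Constructed classification lattice (higher value = more sensitive)."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level


@dataclass
class File:
    name: str
    owner: str
    label: Level                            # MAC: assigned by policy, owner cannot change it
    acl: set = field(default_factory=set)   # DAC: readers the owner chose to grant


def dac_can_read(subj: Subject, f: File) -> bool:
    """Discretionary check: the owner decides who is on the list."""
    return subj.name == f.owner or subj.name in f.acl


def mac_can_read(subj: Subject, f: File) -> bool:
    """Mandatory check ("no read up"): clearance must dominate the label."""
    return subj.clearance >= f.label


def send_file(sender: Subject, mailer: Subject, recipient: Subject,
              f: File, enforce_mac: bool) -> str:
    """Every subject that handles the file has to be able to read it."""
    # The owner shares the file the discretionary way: add everyone to the ACL.
    if sender.name == f.owner:
        f.acl.update({mailer.name, recipient.name})
    for subj in (sender, mailer, recipient):
        if not dac_can_read(subj, f):
            return f"denied (DAC): {subj.name}"
        # Under MAC the owner's grant is not enough; the label decides.
        if enforce_mac and not mac_can_read(subj, f):
            return f"denied (MAC): {subj.name}"
    return "delivered"


# Constructed subjects for the walk-through.
ALICE = Subject("alice", Level.SECRET)
BOB = Subject("bob", Level.CONFIDENTIAL)
CAROL = Subject("carol", Level.SECRET)
MAILER = Subject("mailer", Level.UNCLASSIFIED)        # ordinary mail daemon
CLEARED_MAILER = Subject("mailer", Level.SECRET)      # mail daemon cleared for SECRET


def secret_file() -> File:
    """Fresh SECRET file owned by alice (new ACL for each scenario)."""
    return File("plan.txt", owner="alice", label=Level.SECRET)


def demo() -> dict:
    return {
        # DAC only: alice's grant is all that matters, so bob gets the file.
        "dac_only": send_file(ALICE, MAILER, BOB, secret_file(), enforce_mac=False),
        # MAC: the uncleared mailer cannot read the file, so it cannot be sent.
        "mac_uncleared_mailer": send_file(ALICE, MAILER, CAROL, secret_file(), enforce_mac=True),
        # MAC: the mailer is cleared, but bob's clearance is below the label.
        "mac_low_recipient": send_file(ALICE, CLEARED_MAILER, BOB, secret_file(), enforce_mac=True),
        # MAC: everyone on the path dominates the label.
        "mac_all_cleared": send_file(ALICE, CLEARED_MAILER, CAROL, secret_file(), enforce_mac=True),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:22} {outcome}")
```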
The problem is that open networks evolve so much faster than closed, secure networks, that users become frustrated with the latter and start moving files surreptitiously between them. That's what Prof Deutch of MIT did while head of the CIA and Wen Ho Lee of Los Alamos.
Hmm... actually, if the network itself had insane levels of physical (totally isolated) and human (good resistance to dumb-ass social engineering exploits) security, you could really run anything you want on it and be fine.
Of course, that said, there's no way in hell I'd want to admin a Windows network (err... again... I used to do that sort of thing a while back).
Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
Yes, this is my protest to the sig char limit
We already have such a network. It's called milnet and is used by the US military who funded the original internet research.
As soon as the internet was working they built their own, secure network, and got the hell off of the publicly accessible one.
Maybe Colin won't let Georgie play with his toys, so Georgie wants his own....
The only conceivable way to do this is to either:
a) Eliminate Government Data Access to All But the Highest Officials (which still poses the same problem, in theory) or
b) Eliminate the network altogether.
We already went down this path with the CIA and NSA. Turning to more hardware meant that we were less adaptable, and missed more things.
While people will always be the weak link of any network, and inside access the way to defeat security, this does not mean that it is unwise to trust people.
Instead, we should make security transparent and easy to use, and learn from our mistakes.
This is the lesson of open source - the security actually increases as the number of eyes peering at the code increases. Dependence on the technology ignores the fact that someone has to see the data at the beginning and end of the process.
-
--- Will in Seattle - What are you doing to fight the War?
As long as only government officials can connect to the network. No connection, no cracking.
Unless you have physical access, which is a completely different matter.
Do you like German cars?
That the US Govt saying they want to do this is akin to a company saying they want to build a large, private WAN, because they don't like working on the internet for sharing info between offices. Fair enough.
Apples and Oranges.
Even with a private network that isn't connected to the Internet, there is still at least one big security issue: A false sense of security. Government employees may think that because their private network is so secure and separate from the big bad Internet, they can relax and give computer security a low priority. What most folks don't understand is that computers are like any machine: They require constant maintenance for reliable operation. Security is a large part of that maintenance, and cannot be set aside while other things take place. On the contrary, security must proactively be part of everything that goes on in a computer and network. This is partly why a false sense of security is dangerous.
Besides, intruders could still access the network through such techniques as war-dialing, to name one example off the top of my head.
What's Bush talking about? The government has had independent secure private internets since before we even had the internet.
Why are they telling us what they are building unless it's going to be a public government internet?
I mean really, if something is private and secure, the last thing to do is tell the world about it.
When the government wants to keep secrets they can, and they do so by not telling us anything about it.
Perhaps Bush wants an internet separate from the private government internets already in place so he can email his friends in various other countries on any computer (not just the secure private ones) without worrying about people reading his msgs.
If you use Linux, please help development of Autopac
First of all, nothing is unhackable. Second, they're talking about setting up a separate WAN for just the government. If just ONE computer on that network is also connected to the real internet, then someone can get in. If none of the computers on that network are connected to the internet, then government employees will be very unhappy at work. Hence, another waste of money.
The GeekNights podcast is going strong. Listen!
Until someone from "The Phone company" puts a tap on the connection in the building, snooping everything going through the line.
I hope we don't make the same mistake the Russians did. Ever hear of Operation Ivy Bells? An underground cable from Murmansk to Vladivostok. All the conversations were unencrypted. The US sent a sub to snoop the line, and glean lots of information.
Some basic things can be done to make "secure" or "segregated," or other types of somewhat-more-protected-than-usual environments.
... using currently available products to implement solutions, rather than building that which might be necessary.
Unfortunately, I think that there are also some very real problems. Some very old military systems (e.g.) SAGE - were secure. The customer (Government) could own and have all code reviewed. All end points were well controlled. The number of nodes and links, etc... were limited. The system was also special, and dedicated - purpose.
There are limits as to how secure any system will be if it will be built on off-the-shelf components, software and hardware components that the gov't can't fully inspect, networking protocols that are not provably secure, and the inevitable
Sam Nitzberg
sam@iamsam.com
http://www.iamsam.com
Think about it: when the Internet was restricted to non-commercial nodes, it was pretty secure. The first major security disaster was the Worm of 1988, which came from a university site.
If you maintained a separate TCP/IP network that only had physical connections on military bases and the like, I'd think it would be pretty secure. It's this business of giving everybody an Internet connection that gets all the script kiddies online.
my old sig used to be funny, but then slashcode ate it and now it's not funny anymore
Shouldn't this be from the and-i-want-a-cute-smart-bisexual-girl dept
Looking to set up your own personal token ring network?
Someone set us up the bomb, so shine we are!
Well, I blew that link
If the government wants a really secure network of nontrivial size, then it probably should not use TCP/IP as its underlying protocol suite. TCP/IP was designed in the 1970s for a limited-access insecure network of researchers (ARPAnet). If anyone misbehaved, they'd be booted, and/or their site manager would get a nasty notice. Nobody was "entitled" to be on ARPAnet, and almost everyone cooperated. The network was designed for maximum openness within that selected community.
Now we have the public Internet, and Microsoft's virusware for applications. Firewalls help, but as many have noted, it's too easy for a laptop or floppy to inject something, and if an email gateway is provided, MSware will do the rest. Or any other mail client that follows their evil lead and executes email.
A serious fix is to create a new protocol suite that has security designed in. New stack code with no buffer overflows. A stack that doesn't invite address spoofing, flooding, or various other vulnerabilities of TCP/IP. Not that TCP/IP is all that bad for public use, but you just don't try to add security later and expect it to work! (It's a sieve: It should stand for Transmission Colander Protocol/Insecure Protocol.)
This new stack would have new, or at least modified, applications written for it, the way ARPAnet did back when it was young. And rules against insecure crap, so no Outlook ports! It might then catch on outside, but if the protocols have security handles in them, it's okay; there's no security through obscurity. This would help long-term stabilization of the public Internet, if it adopted more secure (and probably more efficient) protocols. Just as government funding for its own use led to TCP/IP.
Some people seem to think that TCP/IP was handed down to Moses on Sinai, and is thus sacred, Perfect, and should be inviolate. I don't buy that for a minute, and I was on the ARPAnet back in the NCP days. It was a nice experiment but it has ossified with widespread use, and clearly has trouble keeping up with current needs. IPv6 is not an improvement in any sense, efficiency or security; it is a distraction whose misbegotten presence, on balance, makes things worse.
I love it how the /. editors always have an excuse as to why they post dupes. Either it's witty, or dodgy, or it's "this is important enough to read twice." Please.
Is it THAT IMPOSSIBLY HARD to use your OWN search tool before posting dupes?
python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"
Hahahahahahahahahahaha. That's rich. Oops, no pun intended.
-Legion
Wishing doesn't make it so, Mr. President. Networks are designed to let people share information. Even if you cut yourself entirely off from the Internet, you leave yourself wide open to moles, leaks, and all sorts of human error. A private network may make the human security holes even wider because it gives you a false sense of safety. I'd rather see my tax dollars spent on secure open protocols and sensible security policies. Security is a mindset, not a technology.
This
That's why Bush wants to make a more public government internet for the common government employee.
The private internet Bush himself most likely can't even use is what you'd call a military secret, only used for serious business by intelligence agencies to exchange information with the military, and people know about it on a need-to-know basis; it's not common knowledge, and only a few people actually know how the whole thing works technology-wise, so even if you've used it, 1) you wouldn't know how it worked, and 2) the people who do know how it works prolly have no clue what it's being used for.
If you use Linux, please help development of Autopac
It's more like a DoD wide transition from Unix to WinNT/2k. It's all the DoD networks - not just the classified ones.
I think it's a mistake personally, but I've never researched the reasoning behind the decision. The difficulty in finding unix admins shouldn't matter that much, since the military tends to grow their own anyhow.
Right now this thread is filling with posts about why or why not this network will be secure, and why or why not all of the OTHER protected/secret government networks are/are not secure. What people are missing out on is that the government does not actually WANT a secure network.
Bush and co. want a new network because two states, California and Virginia, are full of out-of-work techies, left jobless by the dotcom collapse. Virginia and California are also the top two states in regards to defense agencies, contracts, locations, dollars, etc. Building a new government network would create a huge number of stable, high-paying jobs in Virginia and California as the agencies and contractors in those states were wired up; and even more jobs all across the country as the network spread out to all of the other states in between.
Not only does this have the effect of greatly boosting the economy without pissing too many people off (Which Congress has proven they cannot manage to do.), it also earns a lot of loyalty to the Republican party from all of the people who get those jobs, as well as the other people who benefit from those jobs as the money trickles outward.
Is this network needed, or even likely to work? I do not really know, and anyone who had nothing better to do than post to Slashdot about it really does either. But that does not matter, because right now America's economy needs to get going, the world needs our economy to get going, and the people making decisions in the White House realize that this is a good way to give a long term boost to the economy and their careers, without really earning much scorn, and they would be fools not to.
Well, over a hundred posts and nobody has said this;
How is such a super duper secure network going to be used? Is there going to be a secret special terminal at your local federal building where the agents email their counterpart in the next state?
I work daily with military computer systems and it is hard enough just keeping the spam and porn and cnn streaming video off our networks. The worst offenders are often those in charge and those who should know better, those whose job it is to enforce security. As long as we have people using the system it will be inherently insecure. Maybe Dubya will be calling up about 2.8 million more security people to stand in every government office and look over shoulders.
Those people in the government who have a need to know secret things already have secure (physically) means to do so. This new GOVNET is a PR scam that has no purpose other than to stir up the public even more.
(Though I think the public are more excited about the 0% interest on new cars and the cheap gasoline than they are about not seeing photos of the 5000 people recently murdered.)
*sigh* My sig is becoming more and more true...
"I want peace on earth and good will toward men." "We're the U.S. government. We don't do that sort of thing!!"
Isn't hard-to-disrupt communication the reason that DARPA got involved in this "Internet" business anyhow?
Good point, although I don't think at the time that DOD believed that others (non-US govt) would have widespread access. I think they were trying to imagine a way to avoid the single point of failure, which the Internet still fulfills quite well. The DOD was probably more concerned with bombed-out Comm stations and cut fiber/wire under devastated city roads, than DOS attacks. DOS attacks are new and would've been difficult to foresee in the early Internet.
Personally I think that a fragmented Internet is inevitable. The free market (some may argue not-so-free), coupled with the immense size of the Net, will cause the net to fragment into different carriers. Each carrier will offer similar services, prices and the like, just like the Telcos. Hell, most of the fiber is owned by the Telcos anyway, it just allows them to get a return on their investment for all that dark fiber.
Coming Soon: AOLNET, MSNET, GOVNET, DisneyNET, EuroNET, etc.
Remember JINTACCS? I doubt it, it was a messaging system, actually kinda like XML. It allowed an Army soldier to do things like call in Naval gunfire. On the lowest level it was a fill-in-the-blank paper, then read over voice radios, at the higher levels a computerized intercommunications protocol.
Actually it was a good system, not perfect but good, but it was murdered. They did this by teaching it. They didn't start with the easiest and work to the hardest, they taught the hardest first so the average pvt Joe Snuffy got hopelessly lost. They actually taught me how to report the laying of a naval mine field; I was in a light infantry organisation at the time, and that report was for Naval ships' Captains. This happened because the middle management types really didn't want to lose their turf. I think the same thing is going to happen here.
To us it's easy: blow some fiber, install some routers between facilities, gateway to some secure satellites and maybe change the networking code enough to make the civilian stuff incompatible. Add in an armor-plated authentication, distribute the software to authorized users and you're done, right? Well the Army won't like working with the Marines, DOD won't like working with DOJ, and Intell won't even like working with themselves.
The only good thing I see from this is sooner or later some of the research is going to trickle down to us and be useful.
Apocalypse Cancelled, Sorry, No Ticket Refunds
Our government again shows its ignorance of technology.
There is not, and never WILL be such a thing as a network that is absolutely private and secure, particularly when the government (which can't even deliver mail across town on time) is running it. No amount of billions or trillions of dollars spent on it can change that fact.
A "secure" network works like a secret. So long as only one person knows the secret, it's secure. But the instant a second knows it, it's not, and becomes less secure the more people (computers) are "connected" to the network.
What scares me is the draconian police-state laws that will have to be passed to even make this at all workable. Soon as some hacker breaks the "perfect secure private network" (which will happen within days if not minutes of it being established), some group of morons (Congress) will propose and pass such legislation.
Also, doesn't anyone find it interesting that the government now wants to secure public information systems, yet deny strong crypto to private industry?
=== The price of freedom is eternal vigilance
If you're still on a dial-up connection and you're doing a video download, you've already got a Digital Pearl Harbor. As with the film, you spend 90 minutes sitting around with not much happening, waiting for 10 minutes of decent visuals...
Grab.
The main idea is to protect against denial of service attacks; hacking is less of a concern than a bomb planted at MAE West.
As such there are two ways to address the problem, one cheap but pointless and one expensive and equally pointless.
The cheap way is to patch together a private network using leased lines, the old private network approach. The problem here is that it does not actually add any security, it simply means that you are vulnerable to attack at the SS7 level rather than the IP level. 'Fixed' lines are these days routable, albeit using different technology etc. to IP.
So pointless approach number 2 is you go and dig your own trenches, fill them with wire etc. This would cost of the order of a billion dollars and would actually increase the vulnerability of the network since the private net would never be as dense and redundant as the public network.
All in all this is an indication that the administration don't understand what they are doing. They are recapitulating the pre-Internet mindset, they are not moving beyond it.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
And that is exactly why it is so incredibly stupid to restrict the use of encryption to combat terrorism.
Employee of Inrupt, Project Release Manager and Community Manager for Solid