Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bush Cyber Initiative Aims To Monitor, Restrict Access To Federal Network

Posted by Zonk on from the gotta-keep-em-seperated dept.

dstates writes "Details of George Bush's Cyber Initiative are beginning to trickle out. The Cyber Initiative was created in January to secure government against electronic attacks. Newsweek says that over the next seven years, Bush's Cyber Initiative will spend as much as $30 billion to create a new monitoring system for all federal networks, a combined project of the DHS, the NSA and the Office of the Director of National Intelligence. The U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks. ComputerWorld reports that all data traffic flowing through agency networks will be checked, and that it will be inspected at a deeper level than the current system is capable of. BusinessWeek, meanwhile, reports that one requirement is to reduce the number of internet access points in the Federal Government from the thousands now in use to only 100 sites by June 2008. How this will impact public information resources such as the Library of Congress, National Library of Medicine or even the US Congress remains to be seen."

19 of 120 comments (clear)

  1. SlashBias by CogDissident · · Score: 4, Insightful

    Well, from a network-security point of view, having fewer links to the web at large is actually a good thing, and things like this SHOULD be secured.

    Implying that simply because the departments arn't completely open to the internet in a thousand ways is a denial of freedom of information, is a huge leap.

    Granted, nobody trusts bush, and they shouldn't, as this is likely what he plans to do, but this part in particular is a good idea.

  2. Re:$30 billion? by Anonymous Coward · · Score: 5, Insightful

    Why does the public not have any say in where this money goes?


    The public does have a say. Stop voting jackasses to power.
  3. If government networks were secure by design . . . by mmell · · Score: 5, Insightful
    instead of the more commoditized view of networking and security as two seperate entities, it might help.

    TCP/IP was never intended to be secure. It was intended to be flexible, robust and fault-tolerant. Security was not incorporated in the design of TCP/IP networks, save as a kludge attached after the fact. Fine for most of us; but if security is critical, I recommend using a different technology at the network level, one which incorporates security at the fundamental level. Since these networks should already be defined as "dark" networks, the potential for inter-network connectivity issues should not be a major consideration.

    Yes, DarpaNet is a remarkable invention - but it's the Model-T of the computing industry. Y'know how many guys got their arms broken by that bloody starter crank, before Henry F. incorporated a lead-acid battery and electric starting moter? Sure, the hand-crank works well enough, but it's time to come up with the next advancement, not to mandate more foam padding and other safety features for the arm-breaker.

  4. Re:$30 billion? by Skyshadow · · Score: 4, Insightful

    The public does have a say. Stop voting jackasses to power. ...but if we didn't vote for our jackasses, the wrong jackasses might get in!
    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  5. Re:$30 billion? by cryptodan · · Score: 5, Insightful

    You have to realize the magnitude of the US Federal Government internet foot print. You have to include all the ships in the US Navy, all the Army, Air Force, and Marine bases as well as Naval Bases. There are liaison offices, Embassy Offices, and other places. 30 Billion isnt that much for a network that big.

  6. Re:$30 billion? by morgan_greywolf · · Score: 3, Informative

    Are they really itemizing hammers for $300, toilet seats for $1000? Are government contractors just taking us to the cleaners?


    No, they are itemizing Cisco Pix firewalls at $500,000 a pop. Not including labor.

    --
    My blog
  7. Could the article title have any more flamebait? by the+computer+guy+nex · · Score: 4, Insightful

    Bush Cyber Initiative Aims To Monitor, Restrict Access to Federal Network


    This was obviously worded to stir the 'Left' trolling the comments.

    The article speaks of data lost to China last year due to hackers on the Government network. If our tax dollars should pay for anything, it should be national defense and to protect this data.
  8. Finally on target by booch · · Score: 3, Insightful

    I'm glad to see that the Bush administration is finally on target with their network monitoring. They've been monitoring innocent citizens on the open Internet for years now. Pretty amazing that they'd do that before bothering to secure their own networks.

    What's more amazing is that I'm still amazed by government stupidity and corruption.

    --
    Software sucks. Open Source sucks less.
  9. Firewalls by davidwr · · Score: 4, Insightful

    I hope classified data already runs on its own networks isolated from the Internet. Some unclassified but sensitive data, such as taxpayer and social security data, should be given the same treatment.

    When the technology allows for it, I expect most companies to do the same thing, limiting or eliminating access to their sensitive data from computers that have access to the Internet.

    As for data that is supposed to be public, read-only copies - perhaps made nearly in real time - must be accessible to the public. If someone manages to break security and trash a read-only copy, the original data remains uncorrupted.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Firewalls by yuna49 · · Score: 3, Informative

      The BusinessWeek story tells of a forged email sent to a senior official at Booz, Allen Hamilton involved with sales of US military hardware. The From address was forged to be from a senior Defense Department official, and the message contained a trojan PDF attachment that included a keystroke logger. These sorts of targeted attacks ("spear-phishing") have been on the rise in the commercial sector as well.

      But, let's analyze this particular event for a moment. First, why would Booz, Allen's email server accept as legitimate an email claiming to be from the Defense Department when it was sent through Korea and Yahoo? Messages like that ought to be blocked at the doorstep. I don't let mail with @aol.com From addresses in here unless they come from AOL's own servers. The fact that such an obviously illegitimate email could be accepted by one of America's largest defense contractors make me wonder how they recruit their network staff.

      Next, why aren't they using public-key encryption, or at least digital certificates for authentication? Hell, they ought to be using SMTP-level encryption with certificates for every message sent by DOD mail servers to their contractors. We're apparently more concerned about regulating the privacy of people's health information through HIPAA rules than we are about the privacy and security of communications between the military and its contractors. If you send an email with "patient health information" between providers in the clear, you could be in a heap of trouble. Why doesn't that mindset apply to defense contractors who have a lot more money to spend on this stuff than health providers?

      The article also glosses over the role that the Microsoft monoculture plays in all this. Some of these attacks target OS to install things like keyloggers, but another large chunk apparently exploit Office applications like Word, Powerpoint, and Access. The article suggests that a large amount of militarily-sensitive data is kept in Access databases which make them an appealing target. Apparently the intent is to burrow small modules into Access databases that ship out the data in the background when the database is opened. Last time I looked, Access wouldn't really be my choice for a database designed to hold and protect militarily-sensitive data.

      While it might be nice to think of the problem as somehow analogous to closing the borders, it looks to me like the usual security principle applies. It matters more who and what's behind the firewall than what's coming in.

      BTW, the whole focus on the guy running a domain registration service in China was patently ridiculous. Of course, no one with a throwaway GoDaddy account ever used it to hack into something; it's only those devious Chinese who've figured this out.

  10. How this will impact public information resources by wiredog · · Score: 3, Informative
    such as the Library of Congress, ... or even the US Congress remains to be seen.

    Since the LoC and Congress are Legislative branch, and the President's Cyber Policy is from the Executive branch, I'd say "very little".

    --

    Best Slashdot Co
  11. Re:The Issue with the George Bush Cyber Initiative by Peter+Simpson · · Score: 5, Insightful

    The White House can't even manage to back up their emails. How are they going to manage a "Cyber Initiative"?

    (whatever that is...I don't think I want to find out)

  12. Re:$30 billion? by Lookin4Trouble · · Score: 5, Interesting

    Are they really itemizing hammers for $300, toilet seats for $1000? Are government contractors just taking us to the cleaners? *sigh* Thou shalt not feed the trolls No. The whole myth of $300 hammers and $1000 toilet seats came from a model of contract purchasing that's been out of use since the 1980s. That contract may have 300 hammers ($5 apiece) and one jet engine ($150,000), but the total cost of the contract ($151,500) gets spread across each item on the contract, so it shows up as (Quantity: 300, Hammer, $505 ea., Quantity: 1, Jet Engine, $505 ea.)
  13. Re:The Issue with the George Bush Cyber Initiative by magarity · · Score: 5, Funny

    stuffed into a corner of that idiot's office
     
    Dude, what corner? His office is oval. Who looks like the bigger idiot now?

  14. Proposed security measures... by vmxeo · · Score: 5, Funny

    Well, if it follows the same pattern of security as other parts of the government, each packet will be required to show two forms of government-issued ID, restrict its data to whatever it can fit into 3 ounce bottles in a clear quart-sized bag, and remove its shoes. Additionally, packets will also be subject to a "No-Route" list, and may also be randomly pulled aside for deep inspection. It will be suggested for packets to arrive at least 1 hour earlier (2 for international routing) for the extra queue length caused by the increased security.

    --
    Shameless plug for my photos on Flickr
  15. Re:$30 billion? by eln · · Score: 3, Insightful

    How delightfully naive. This administration should have taught you that it just doesn't work that way anymore.

    If you give them less money, they won't spend any less, they'll just go further into debt. The national debt is now so large that it is completely incomprehensible even to those in power.

    The debt currently stands at almost 9.5 trillion dollars, and is increasing at around 1.67 billion dollars per day. This level of spending would make even a drunken sailor blush, and it's being done despite the fact that we are giving them less money through the various tax cuts that have been implemented over the past 7 years.

    The government spends money as if it were monopoly money, and accumulates expenditures with little or no regard to the disparity between revenue coming in and expenditures going out.

  16. Re:$30 billion? by mcmonkey · · Score: 4, Insightful

    Wouldn't it be nice...

    Why on Earth would I want to give them more? On the contrary, if we give them less money, they will have less power.

    The problem with giving the federal government less money is, we made the mistake of telling them what 'credit' is and gave them the power to increase their own credit limit at will.

    Whatever issues we have with 'tax and spend' Democrats, they have a more honest approach than 'borrow and spend' Republicans. But the bottom line is still, between the Democrats and Republicans, there is no right lizard.

  17. Re:The Issue with the George Bush Cyber Initiative by mweather · · Score: 4, Informative

    Every single email in the white house's email system is backed up and available for congressional auditors. The problem is Bush (and at least 88 other officials) broke the law and used the RNC and Bush/Cheney '04 accounts for official business.

  18. Oh the irony by Hoi+Polloi · · Score: 3, Insightful

    Does anyone see the irony in calling a large scale government information project "Byzantine"?

    --
    It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning