US Government to Have Only 50 Gateways

Narrative Fallacy brings us a story about the US government's plan to reduce the roughly 4,000 active internet connections used by its civilian agencies to a mere 50 highly secure gateways. This comes as part of the government's response to a rise in attacks on its networks. "Most security professionals agreed that the TIC security improvements and similar measures are long overdue. 'We should have done this five years ago, but there wasn't the heart or the will then like there is now,' said Howard Schmidt, a former White House cyber security adviser. 'The timetable is aggressive,' he said, but now there is a sense of urgency behind the program. Small agencies that won't qualify for their own connections under TIC must subcontract their Internet services to larger agencies."

Re:Is it just me...

[Pfhor]

Are you kidding?

Trying to maintain standards and practices across 4,000 gateway points vs 50. Let alone the agency bureaucracy that would be involved in doing site checks and working across various agency boundaries would be a nightmare. It would take eons to get those things in place to do consistent auditing and management to ensure standards and procedures are followed, let alone actually do them. Might as well consolidate bandwidth costs and number of checkpoints down to 50 in the process.

From lots of little contracts to BIG CONTRACTS!

[mikelieman]

I wonder what 'Loyal Bushie Companies' are being paid back with the contracts for this work?

Re:From lots of little contracts to BIG CONTRACTS!

[iamsamed]

I wonder what 'Loyal Bushie Companies' are being paid back with the contracts for this work? Considering the questionable way contracts have been awarded by the Government over the last several years, the parent's comment is more "Insightful" than "Troll".

And, as a taxpayer, is a legitimate question that should be addressed by our Government. Especially, when, not if, it comes to light that the project runs over budget by millions of dollars which they inevitably do. Disgustingly, fleecing of the taxpayer has become de rigeur.

Re:Great Wall of China

[danwesnor]

Government employees are allowed to own home computers connected to the real internet, where they can stroke pr0n and post wikileaks to their heart's content.

Hopefully this will work out better

Than the whole US Senate machine level of security:
Netcraft
When the U.S. Justice Department stepped up its investigation of cybercrime, it found spam originating from an unexpected source: hundreds of powerful computers at the Department of Defense and the U.S. Senate. The machines were "zombies" that had been compromised by hackers and integrated into bot networks that can be remotely controlled to send spam or launch distributed denial of service attacks.
(this link also mentions the older Republican access of the Democrat fileserver)

Newbie Mistake

[SilentOneNCW]

You'll never get enough Zealots out with only fifty Gateways...

Re:Great Wall of China

[iamdrscience]

I tried to think of counter-examples to your point and I had trouble, but in the process I stumbled across an even better idea. The first thing I thought of was cages at the zoo. To some extent, this example shows your point because the barriers at zoos are designed much more to keep animals in than spectators out. However, despite being designed to keep animals in, they are just as successful at keeping people out. Why is this? Partly it's because zoos make it difficult for people to get inside cages, but mostly it's because inside the cages are dangerous animals. At this point, inspiration struck: if dangerous tigers can keep people out of a cage at the zoo, couldn't they also be used to protect a computer network? Of course they could! Who would risk hacking a network if it meant getting eaten alive by tigers?

As far as a practical implementation, I imagine that behind the network's regular firewall, one would just place a container of tigers (a "Tigerbox") that way. The firewall will work as a general security measure, but if a hacker were to break through into the network, he would be immediately eviscerated by tigers. I suppose that in theory, one could even get rid of the firewall entirely, like you suggest, and protect the network entirely with tigers. I'm not sure how practical this would be, due to the increased number of tigers required. However, it might be feasible in a few years once tigerboxes are more popular and the market begins to flood with cheap commodity tigers.

Re:Is it just me...

[innerweb]

Let me see...

• 1) Each point of failure might have a greater chance to block a part of the network (depends on design). They could design it so that the 50 points lead to a network that is redundant behind the 50 points. If one point were to be blocked, then the traffic could be re-routed to other points. Much more secure and manageable than 4000 points. Bandwidth is only as much of an issues as the 50 points of connectivity allow/limit.
• 2) Actually, as to honeypots and counter-surveillance, you are getting much better control. There is not limit to how many false access points you can seed (outside of resources). With fewer access points to monitor, policing the network becomes much easier.

With 50 gateways, if the internal network is built correctly (unlike say a how certain cable company does their's), then I can not think of any real net negatives except the complexity of the internal network now. But, given the serious issues the 4000 has, the complexity of the internal network is a relatively non-existent issue.

InnerWeb