Slashdot Mirror
NSA Chief Wants Internet Partitioned For Government, 'Critical' Industries
GovTechGuy writes "NSA chief Keith Alexander, also the head of the US Cyber Command, told reporters that he would like to see the creation of a secure zone on the Internet for government and critical private sector industries such as utility companies and the financial sector. Alexander has repeatedly emphasized the dramatic nature of the cyber threat facing American networks and his comments were a further sign that the Pentagon does not think the war against foreign hackers can be won. Alexander denied the military has any role in safeguarding civilian networks currently, but didn't rule out the option in the future."
Somebody's confused about the difference between "an internet" and "The Internet".
Help stamp out iliturcy.
So, what they want is a private IP-based network. No sweat, we've been building those for a couple of decades now. When I did point-of-sale for a truck-stock company, we had our own private network for connecting to our stores, credit-card processors and the like. You need routers, appropriate leased-line or other dedicated bandwidth, and some time spent on a white-board laying out the topology. The only real hard part is making sure you don't connect any machines to this network that also have connections to the public Internet. Yes, this means the machines on that network aren't going to be able to access the public Internet. You wanted a private, isolated network, you get a private, isolated network. If you want to live dangerously you can create appropriate DMZs and firewalls and proxies to give internal machines external access, but remember that that means worms, viruses and other malware can ride in on stuff coming back in through that external access and infect machines inside the perimeter. At that point your "protected" network isn't protected at all (in fact it's probably more vulnerable, since you likely skimped on internal protection since it's supposed to be a protected network).
Their goal is probably to get an excuse to somehow restructure the internet.. Who knows what "partitioning" may entail?
This could be a great "excuse" for us, too. We should make him a deal. Partition off the governmental and "critical industry". Now the public Internet has no more high-profile targets. Then, drop all the warrantless wiretapping, eavesdropping, and other monitoring from the public Internet and use it to lock down the governmental and critical parts. All of the resources and manpower focused on a much smaller target should do wonders towards securing us against the currently trendy bogeyman of "cyberattack".
It is a miracle that curiosity survives formal education. - Einstein
I've always said: "Why should [X] be connected to the public internet in the first place? Isn't connecting [X] to the public internet a really bad idea?"
Where [X] is any number of things: (list not exhaustive)
a power plant control system
a waste water treatment plant control system
an electrical plant control system
an electrical substation control system
a train station control system
a traffic control system
There are many things besides control systems, but for this post I am thinking of basic infrastructure. If these things need to be networked, they should be on their own private network with limited access. These problems also occurred before the internet existed. For example by connecting them to the public telephone system. (sometimes with no password, relying on the obscurity of the phone number to limit access)
It is not just the public sector that needs to learn this, but also private industry. If it is vitally important, limit physical access to it. Private networks exist for a reason. There is no need to do anything to the public internet.
-Mysteryvortex
Until someone gets tired of having to use another machine for the "real" net and hooks up a router between them. Half an hour tops before some idiot breaks the separation model. Yes, people ARE that dumb.
Why guess when you can know? Measure!