Cyberwarfare, probably the most loaded term in computing history outside of anything a sales rep has told you about their latest IPS product. If we really wanted the Department of Defense’s networks to be more hack-resilient, we should demand that they remove any presence they have on the public Internet.
When former Deputy Secretary of Defense William Lynn, a Raytheon lobbyist, was appointed one of his first initiatives was to open up the DoD to social media sites (1). The tack he took was to try to ‘balance’ the social media world with the fact that those same platforms had been used to attack DoD networks. The effect, however, was quite different.
This social media position taken by Secretary Lynn had the effect of allowing any and all Facebook, Youtube, etc. through the DoD networks as long as they were “approved”. Now am I saying that a former Raytheon lobbyist deliberately weakened military networks for the purpose of growing Raytheon’s multi-billion dollar Federal cyber defense contracting arm, of course not. I am just saying that anybody who was truly concerned about ‘cyberwarfare’ and ‘hacktivists’ would probably not want to have military personnel cruising MySpace, or able to get on their Gmail.
Bringing up a more salient point, should we be funding web surfing? Why does the DoD need a web presence above a web page, and a Wikipedia entry? We spend hundreds of billions of dollars a year on security, and network management at the federal level. Can’t we shave a few billion off and make them use their own, secure, network? Wait, we already do - it’s called the SIPRNet, JWICS, NSANet, and a whole host of others. They are not routable to the public Internet. They still manage to reach our deployed assets. The DoD can’t even move to a whitelist format where they could just blackhole domains that don’t route to .mil or .gov.
Personally, I know that deploying to a foreign country is rough when you have loved ones at home. When I wanted to talk to my family, I needed to go to the office and either set up a telecon with my relatives or use the unsecured line and a calling card. I realize it would have been easier to do this over the Internet, but that just wasn’t possible at the time. Are deployments supposed to be easy though? I signed up for the military, mostly of my own volition. There were some external circumstances that forced my hand a bit, but those were of my own making as well. Maybe we should consider making deployments less frequent instead of focusing on making them easier.
The next time somebody gets up and talks about “Advanced Persistent Threat” or “Anonymous” why don’t we ask them why don’t they take the DoD off of the Internet? Security consultants ought to be pushing for the military to get their bottoms off the public tubes. I know it sells books and consulting services to have the perpetual cyber-employment scheme running, but if you actually care we should cut the cord. By the way, former Secretary Lynn is now the head of DRS Technologies whose Google tagline reads “Supplier of defense electronic systems to government and commercial markets.” Just pointing out the facts people...just the facts (2).
No comments:
Post a Comment