Firewall Wizards mailing list archives

Re: Top Secret DOD Data over the Public Internet? Thoughts?


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Fri, 20 Aug 2004 14:27:48 -0400

Christopher Hicks wrote:
> Maybe if we weren't spending so much money sacrificing our military might in the Middle East we'd have enough money
> left over to run our Top Secret network?

That is utterly bogus logic. There's plenty of money; the problem is that it's
not spent efficiently since the government has virtually no in-house expertise
and outsources everything to beltway bandits for implementation. The
Government spends massive amounts of money on information technology;
"lack of money" is not the issue; it is the expense that comes from
"lack of clue."

If you read the article and are at all familiar with the DOD's GIG plans, you'll
know it's not about cost; it's about availability, ubiquity, and failover. The next
generation army cannot unroll a T-1 line behind them as they go; the question
is how to leverage existing bandwidth to accomplish a mission. Obviously,
security and trust boundaries are a huge question mark in that discussion.
But it's a discussion worth having. It's being had - but not in this forum. :)

Another thing to consider: that article appeared to be based on comments
from someone at DISA. You need to understand that, like with every other
large multi-agency project, GIG is beset with politics. It is possible that
what we are seeing is one agency peeing on another's plans to the media
in an attempt to derail their approach in favor of another one. In The
Government right now security is in an interesting spot: there's budget
for it so grabbing for the feed-bag is attractive to empire-builders, but
it's hard and there's a chance of failure and consequent damage to
the empire being built. Typically that translates to calls for more money,
because when you're working with beltway bandits and you have no
in-house IT expertise, having lots of extra $$ to blow is seen as a
hedge against failure.

> As much of a pain in the butt as physically separate is to maintain we've seen clearly given how various widely
> respected crypto algorithms have been undermined just in recent weeks that as vital and necessary as crypto is that
> it doesn't provide a complete solution.

When I read that article, the only thing I could interpret it as was an
attempt by the DISA spokesperson to pee on someone else's idea.
But - yes - there are bad ideas in play and they may come to fruition.
Goodness, me, that's never happened before! :)

> We won't have to worry about anybody at Los Alamos losing hard drives anymore when our Latest Terrorist can just
> crack a poorly administered firewall.

Then which is the greater threat? The Terrorist, or the lack of good
administration?

Our "digital Pearl Harbor" is staring us in the face, and we've already
lost it. It happened in the 90's when The Government decided that
in-house expertise was too expensive and outsourcing everything
to beltway bandits made more sense. The result is a federal IT
staff that know how to read powerpoints and proposal responses.
They don't manage those firewalls, they're managed by contractors.
By the lowest bidder in many cases.

mjr. 
