[telecom] The Pentagon And Cyber Defense, Cyber Warnings

[snip]

I had to respond to the comments of our esteemed moderator [no smileys - I'm serious about the adjective].

Most of the time, I think your take would be correct. However, this is one field where I think that the Pentagon et al are underestimating the threat. We will never get the data, but from what I hear, there are continual, persistent attacks at the nation's largest banks. It is only a matter of time before we start having national blackouts because someone managed to hack into the power grid; local disasters because someone hacked into the local water company and released all the chlorine at once; and who knows what else.

I'm not sure that the Pentagon's solution is adequate, but I think DARPA should certainly be involved in designing a new internetworking protocol which emphasizes security. And, actually, as I think of it, this really is on-topic, because the dunderheads at the phone companies really want to get rid of the PSTN and replace it with VoIP - which is IMHO a disaster in the making.

/* Rant on */

Finally, what on earth do the "voters" have to do with the topic? They have conclusively proven themselves incapable of dealing with reality. Too bad we cannot give a national history test with a passing grade required to receive the privilege of voting (not that in a nation where the Daughters of the Confederacy managed to whitewash history all over the country I would have any great confidence in the contents of a national history test - or that the accepted responses had anything to do with reality).

/* Rant off */

Mark

On Tue, 05 Feb 2013 21:16:06 -0800 Mark Kaminsky wrote,> [snip] >> >First came Leon Panetta, Secretary of Defense, warning that the >> >United States in vulnerable to a "cyber Pearl Harbor " - an Internet >> >attack on infrastructure that could shock and disable the nation. >> > >> >Then came Homeland Security chief Janet Napolitano, just last week, >> >saying a "cyber 9.11" could happen "imminently." Then news that the >> >Pentagon is looking to sharply expand its force of cyber warriors. > [snip] > >> >***** Moderator's Note ***** >> > >> >Let's see: >> > >> >1. Sky-is-falling warnings concerning a subject that few >> > voters are aware of, let alone competent to evaluate. >> > >> >2. The Pentagon wants more and more money to address the >> > "threat". >> > >> >3. Yawn. >> > >> >Bill Horne >> >Moderator

Bill is generally on target here. There is a problem, but the Pentagon's strength is in kinetic weaponry and manpower, not software. "Cyber-war" as a metaphor does not mean that men in uniform are the answer. But then Mark does make some good points:

This is all true. The use of IP, and of a single, wide-open Internet, is very risky. It wasn't designed for security. And it's much harder to add security to an insecure design than to create controlled public access in a secure design. Utilities should not put critical infrastructure onto the public Internet.

There is a new internetworking protocol under development, far from the IETF and its TCP/IP fanbois, which addresses these and other problems. It's called RINA, Recursive InterNetworking Architecture. The very brief description is that it uses the same layer machine at every layer, as many as needed (not a fixed number of layers), so there are very few protocols needed. It allows (some functions are essentially options to be requested as needed) authentication, encryption, multicasting, mobility, and quality of service options. Its advocates are the Pouzin Society

) and a pilot implementation is being built in Europe by IRATI Consider this the result of many years of observation of what works and especially what doesn't work in the TCP/IP stack, which is older than MS-DOS. Network science instead of alchemy.

The theoretical underpinnings are in John Day's book, Patterns in Network Architecture: A Return to Fundamentals.

And it will never be adopted by any substantial user base, despite Mr. Goldstein's evangelizing in this newsgroup.

-GAWollman

- - Garrett A. Wollman | What intellectual phenomenon can be older, or more oft snipped-for-privacy@bimajority.org| repeated, than the story of a large research program Opinions not shared by| that impaled itself upon a false central assumption my employers. | accepted by all practitioners? - S.J. Gould, 1993

***** Moderator's Note *****

Why not?

Bill Horne Moderator

That's like saying that we shouldn't let our children walk on busy streets or that someone offering to sell a pistol for two dollars might have an ulterior motive: some things are just understood.

Using a "single, wide-open Internet" may be risky, but that's not what users do. When people have data that needs protecting, they take steps to address the risks, and those measures make the Internet *they* use into a much safer place.

When the IETF or other major standards bodies endorse it, I'll be very interested. In the meantime, though, we're stuck with the Internet we've got, including the TCP/IP Protocol stack.

As things stand now, it's not practical to consider *any* change away from IP. There are too many routers out there, and too many techs who've never done anything else /but/ IP, and too many individuals and companies with a vested interest in keeping IP alive.

Backbone speeds have risen to a point where we can encapsulate inside IP, and just use the Internet as exactly-what-it-was-intended-to-be, which is a high-speed information transfer system. IMHO, TCP/IP is not the enemy, and is not the solution to security problems.

Security is a complicated subject, and what little I've been taught about it convinces me that users won't accept "security" until there is a major loss that affects them personally, such as widespread exploitation of the Electronic Funds Transfer network or the stock exchanges.

Take, just as on example, our money management: by and large, every place where computers touch money is an example of a mechanical overlay on a preexisting manual system, and every aspect of the manual systems was thrown out when it wasn't needed to make the computer replacements work. This is the reason that identity theft is so easy: computerized banking has replaced the old, tried-and-true system of face-to-face identity verification which was the cornerstone of banking prior to computers.

When there is a major meltdown of the EFT system, or a major, well-publicized instance of fraud that uses computers to trick the ATM networks, *THEN* people will accept more security.

FWIW. YMMV.

Bll

An earlier post on this topic, by Fred Goldstein, appeared with the Subject: line of

Re: The Pentagon And Cyber Defense, Cyber Warnings [nfp] [telecom]

.. which was incorrect. Although Fred /did/ have some Not For Publicatoin material in his original email to the Digest, it concerned the rest of the email, which /was/ intended for publication, so I published his post after removing the private content: I did, however, neglect to remove the Not For Publication tag from the Subject line.

My apologies for the confusion. If you choose to file a public reply to Fred's post, please remove the "[NFP]" tag. TIA.

Bill Horne

Because, like or not, we have a huge installed IP base that isn't going to go away and isn't going to change. IP connectivity is everywhere, and it's just so incredibly cheap that it's hard to compete with.

Personally I would like to have seen ATM be adopted, if only because it allows circuit switched and packet switched connections to share the same channels on a reliable basis with predictable behaviour. But it didn't really take off because IP was there first.

God, I hate VoIP and all the other attempts to run realtime data over packet switched systems. But... it's so cheap...

--scott

There's nothing inherent in packet switching that makes it "non-realtime"; the problem is that all of the technologies that have been proposed (and I worked on one of them) were too complicated and didn't squarely address the economic fundamentals of the Internet providers' businesses. Access providers in particular have no incentive, abesent a regulator's order, to provide service that would give their competitors better access to (mostly captive) customers' homes and small businesses.

-GAWollman