Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Bush Cyber Initiative Aims To Monitor, Restrict Access To Federal Network

Zonk posted more than 6 years ago | from the gotta-keep-em-seperated dept.

United States 120

dstates writes "Details of George Bush's Cyber Initiative are beginning to trickle out. The Cyber Initiative was created in January to secure government against electronic attacks. Newsweek says that over the next seven years, Bush's Cyber Initiative will spend as much as $30 billion to create a new monitoring system for all federal networks, a combined project of the DHS, the NSA and the Office of the Director of National Intelligence. The U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks. ComputerWorld reports that all data traffic flowing through agency networks will be checked, and that it will be inspected at a deeper level than the current system is capable of. BusinessWeek, meanwhile, reports that one requirement is to reduce the number of internet access points in the Federal Government from the thousands now in use to only 100 sites by June 2008. How this will impact public information resources such as the Library of Congress, National Library of Medicine or even the US Congress remains to be seen."

Sorry! There are no comments related to the filter you selected.

$30 billion? (2, Insightful)

baudilus (665036) | more than 6 years ago | (#23077064)

Why is it that everything the government does costs so much more than what it would normally cost?

Are they really itemizing hammers for $300, toilet seats for $1000? Are government contractors just taking us to the cleaners?

Why does the public not have any say in where this money goes?

Re:$30 billion? (5, Insightful)

Anonymous Coward | more than 6 years ago | (#23077112)

Why does the public not have any say in where this money goes?


The public does have a say. Stop voting jackasses to power.

Re:$30 billion? (4, Insightful)

Skyshadow (508) | more than 6 years ago | (#23077136)

The public does have a say. Stop voting jackasses to power.
...but if we didn't vote for our jackasses, the wrong jackasses might get in!

Re:$30 billion? (2, Interesting)

rbannon (512814) | more than 6 years ago | (#23077582)

Why does the public not have any say in where this money goes?


The public does have a say. Stop voting jackasses to power.
We're beyond voting. At best, let's hope we're invaded by the next America to help puts us back on our feet.

Re:$30 billion? (1, Insightful)

That's Unpossible! (722232) | more than 6 years ago | (#23077604)

You're implying there are some non-jackasses to vote for.

I have a better idea -- let's stop funding them.

Whenever a Democrat tells me we need to raise taxes -- in whatever code words they are using at the time, be it increasing business taxes or "rolling back the Bush tax cuts" -- I love pointing out where all the money is currently wasted. (Almost everywhere it's spent.)

Why on Earth would I want to give them more? On the contrary, if we give them less money, they will have less power.

Re:$30 billion? (3, Insightful)

eln (21727) | more than 6 years ago | (#23077956)

How delightfully naive. This administration should have taught you that it just doesn't work that way anymore.

If you give them less money, they won't spend any less, they'll just go further into debt. The national debt is now so large that it is completely incomprehensible even to those in power.

The debt currently stands at almost 9.5 trillion dollars, and is increasing at around 1.67 billion dollars per day. This level of spending would make even a drunken sailor blush, and it's being done despite the fact that we are giving them less money through the various tax cuts that have been implemented over the past 7 years.

The government spends money as if it were monopoly money, and accumulates expenditures with little or no regard to the disparity between revenue coming in and expenditures going out.

Re:$30 billion? (1)

StarfishOne (756076) | more than 6 years ago | (#23078524)


I recently heard a nice way to help put these large numbers in perspective.

The following time is the time it would take to pay of the following amounts at a rate of 1 dollar per second:

1 million = 11.57 days
1 billion = 31.71 years
1 trillion = 31,710 years

So at 1 dollar per second, it would take 301,243 years to pay back that 9.5 trillion dollar debt.

Re:$30 billion? (1)

strabes (1075839) | more than 6 years ago | (#23078862)

"If you give them less money, they won't spend any less, they'll just go further into debt."

This is why we should vote for real fiscal conservatives, not tax-and-spend Republicans like Bush & friends.

Re:$30 billion? (1)

dogmatixpsych (786818) | more than 6 years ago | (#23079034)

That's not a fair label. They are borrow-and-spend, not tax-and-spend. Sheesh! Learn the difference. ;)

Re:$30 billion? (1)

davolfman (1245316) | more than 6 years ago | (#23080694)

Greenbacks ARE monopoly money. Ever since we went off a metal standard.

Re:$30 billion? (4, Insightful)

mcmonkey (96054) | more than 6 years ago | (#23077998)

Wouldn't it be nice...

Why on Earth would I want to give them more? On the contrary, if we give them less money, they will have less power.

The problem with giving the federal government less money is, we made the mistake of telling them what 'credit' is and gave them the power to increase their own credit limit at will.

Whatever issues we have with 'tax and spend' Democrats, they have a more honest approach than 'borrow and spend' Republicans. But the bottom line is still, between the Democrats and Republicans, there is no right lizard.

Re:$30 billion? (1)

mweather (1089505) | more than 6 years ago | (#23078188)

There are planty of no-jackasses to vote for, and they're easy to find. Look on the ballot for a name without a D or and R behind it.

Re:$30 billion? (2, Insightful)

Skuld-Chan (302449) | more than 6 years ago | (#23078546)

Eh? If they have less money - they'll just spend more of what they don't have.

They are already spending more than they take in right now...

I like how you blame it on democrats too - Bush lowers taxes, but spends more than any democrat. Essentially what he's doing is deferring any really hard financial decisions to the next guy/girl in power. Its like a stealth raise in taxes because the more deficit spending that occurs the more worthless our dollar is.

Ever hear of "deficit spending?" (1)

Foerstner (931398) | more than 6 years ago | (#23078778)

On the contrary, if we give them less money, they will have less power

Oh, yeah, sure. After all, the government can't spend money it doesn't have.

Re:$30 billion? (1)

CCW (125740) | more than 6 years ago | (#23079242)

You don't get that choice lately, it's either tax-and-spend and spend-and-tax-more-later

Given that choice, I guess I'm happier with the former since at least it is honest and I'm not paying interest.

Re:$30 billion? (0)

Anonymous Coward | more than 6 years ago | (#23079292)

You're implying there are some non-jackasses to vote for.

I have a better idea -- let's stop funding them.

Whenever a Democrat tells me we need to raise taxes -- in whatever code words they are using at the time, be it increasing business taxes or "rolling back the Bush tax cuts" -- I love pointing out where all the money is currently wasted. (Almost everywhere it's spent.)

Why on Earth would I want to give them more? On the contrary, if we give them less money, they will have less power.
You've got two options in this coutry: Tax and Spend Democrats and Borrow and Spend Republicans.

Re:$30 billion? (1)

wizardforce (1005805) | more than 6 years ago | (#23079316)

Whenever a Democrat tells me we need to raise taxes -- in whatever code words they are using at the time, be it increasing business taxes or "rolling back the Bush tax cuts" -- I love pointing out where all the money is currently wasted. (Almost everywhere it's spent.)
and whenever a republican tells me that they're going to roll out new tax cuts, I point out the national debt and complete lack of funding for anything useful. republicans don't spend any less than democrats do on pork, they merely cut anything useful to pay for their pork.

Re:$30 billion? (2, Interesting)

Kingrames (858416) | more than 6 years ago | (#23080328)

On the contrary, if the jackass party had been elected in 2000, we wouldn't have these problems.

Re:$30 billion? (5, Insightful)

cryptodan (1098165) | more than 6 years ago | (#23077146)

You have to realize the magnitude of the US Federal Government internet foot print. You have to include all the ships in the US Navy, all the Army, Air Force, and Marine bases as well as Naval Bases. There are liaison offices, Embassy Offices, and other places. 30 Billion isnt that much for a network that big.

Re:$30 billion? (3, Informative)

morgan_greywolf (835522) | more than 6 years ago | (#23077218)

Are they really itemizing hammers for $300, toilet seats for $1000? Are government contractors just taking us to the cleaners?


No, they are itemizing Cisco Pix firewalls at $500,000 a pop. Not including labor.

Re:$30 billion? (1)

mweather (1089505) | more than 6 years ago | (#23078206)

That's not much of a markup.

Re:$30 billion? (5, Interesting)

Lookin4Trouble (1112649) | more than 6 years ago | (#23077488)

Are they really itemizing hammers for $300, toilet seats for $1000? Are government contractors just taking us to the cleaners?
*sigh* Thou shalt not feed the trolls
No. The whole myth of $300 hammers and $1000 toilet seats came from a model of contract purchasing that's been out of use since the 1980s. That contract may have 300 hammers ($5 apiece) and one jet engine ($150,000), but the total cost of the contract ($151,500) gets spread across each item on the contract, so it shows up as (Quantity: 300, Hammer, $505 ea., Quantity: 1, Jet Engine, $505 ea.)

Re:$30 billion? (1)

baudilus (665036) | more than 6 years ago | (#23077642)

For what it's worth, my question was an honest one, even though it may have sounded trollish. My apologies for that. It's just that $30 billion is still a lot of money. I am aware that government networks can be a pain (as I have done work for government), but for the scope of work it's still expensive. I suppose if you factor in the time frame (two months!) it's more reasonable, as it would be quite labor intensive.

Re:$30 billion? (1)

Lookin4Trouble (1112649) | more than 6 years ago | (#23079212)

It's just that $30 billion is still a lot of money
Quoted for posterity and perspective. $30Bn is roughly a month's budget overrun (IE Money spent beyond what is actually budgeted) for the entire US Government. Just thought I'd throw that out there.

And don't worry, I'm sure your earlier comment only seems trollish to those who have worked in purchasing/contracting for the government.

One further point I'd like to make, however. We the gub'mint'ers are bound by a certain set of laws, when making purchases.

If Company A, the fine upstanding manufacturer of Widget X offers to sell us 1,000 units of Widget X at $50 apiece and install them for free, while Company B, who resells Widget X, offers to sell us 1,000 units of Widget X at $125 apiece, and charge us an unknown number of hours of labor at $190/hour, the choice would seem pretty easy, right?

It is, unless Company B happens to be a "Small, disadvantaged, woman- and/or minority- owned" business (there are some legal requirements, burdens of proof, etc... but it's easy enough to adopt a girl from China to register said Company in her name for 10 years at a time), We are legally obligated to purchase from Company B.

Dollars to donuts this initiative is being tossed to 8(a) companies (as mentioned above), or someone has written a long and convincing argument as to why the contracts should be going to the company he/she (a) has stock in, (b) has family/friends who would directly benefit from this work, or (c) has received the most bribes from. Corruption is a terrible thing, especially when it comes to your (and my!) tax money being wasted, but it happens so often it doesn't even make the front page of the Washington Post anymore.

Re:$30 billion? (0)

Anonymous Coward | more than 6 years ago | (#23078870)

Sounds like a sneaky way to prevent rigorous expense analysis. Spreading out the cost of shipping or taxes on a purchase to the various items makes sense though ... unless your hammers weigh 2lbs, and your jet engine weighs 1000lbs. Crap.

Re:$30 billion? (-1, Flamebait)

eebra82 (907996) | more than 6 years ago | (#23077508)

Why does the public not have any say in where this money goes?
People in the United States seem less vigilant on privacy and security topics nowadays. The Bush paradigm annoys me so much that I sometimes wonder why I still live in a country that put GWB in power (twice). And perhaps even worse, I wonder why the administration gets away with so many perplex decisions that led to so much suffering.

As for the $30bn, I guess it's the same story as always; the administration will appoint some politicized corporations to do this, let their executives fly back and forth in expensive jets, and so forth. Of course insanely large projects cost far more than smaller ones. They require more administrative profiling, more room for mistakes, etc.

Re:$30 billion? (1)

mweather (1089505) | more than 6 years ago | (#23078232)

It's not just privacy and security we're lax on, but economics, defence, energy policy, education, pretty much anything that doesn't involve people with a skin color that is different than ours (terrorism and immigration).

Re:$30 billion? (1)

Culture20 (968837) | more than 6 years ago | (#23078466)

people with a skin color that is different than ours
And who would they be? We've got ever color in the world, including the only blue-skinned folk:
http://www.foxnews.com/story/0,2933,317564,00.html [foxnews.com]
http://www.youtube.com/watch?v=3XV0I6Q70Yw [youtube.com]
http://www.blueman.com/ [blueman.com]
Yeah, I know, the Smurfs are French, but they're communist, so that's the only reason you don't see them in the U.S. ;)

Re:$30 billion? (1, Informative)

Anonymous Coward | more than 6 years ago | (#23078918)

I'd like to find out which Government branch is buying hammer's for $300.00 and toilet seats for $1,000.00. Our company is a government contractor selling technology supplies and IT solutions to Dept of Defense and Homeland Security. We have to get special Federal pricing from the Manufacturers which is considerably less than comercial pricing for the private sector. Our profit margins are so minimal, think of 4 to 6 percent of cost. If what you are saying has any weight of truth then perhaps we will add hammers and toilet seats to our product line. Please advise as to any other products that we should consider.

SlashBias (4, Insightful)

CogDissident (951207) | more than 6 years ago | (#23077080)

Well, from a network-security point of view, having fewer links to the web at large is actually a good thing, and things like this SHOULD be secured.

Implying that simply because the departments arn't completely open to the internet in a thousand ways is a denial of freedom of information, is a huge leap.

Granted, nobody trusts bush, and they shouldn't, as this is likely what he plans to do, but this part in particular is a good idea.

Re:SlashBias (2, Insightful)

morgan_greywolf (835522) | more than 6 years ago | (#23077168)

No one implied a 'denial of freedom of information' except for you. Fewer access points might mean that public-facing government sites might have performance issues. Or it might not -- it depends on how they implemented it. That's all the summary said -- no one knows how the infrastructure changes will affect public-facing sites because no one knows the design and implementation details yet.

Re:SlashBias (1)

CogDissident (951207) | more than 6 years ago | (#23077202)

No one implied a 'denial of freedom of information' except for you.

How this will impact public information resources such as the Library of Congress, National Library of Medicine or even the US Congress remains to be seen.

Hey, read the summary sometime. Thanks.

Re:SlashBias (1)

morgan_greywolf (835522) | more than 6 years ago | (#23077538)

I did. What part of that quote implies a 'denial of freedom of information'? All it implied was that these and other public-facing sites might be affected by this infrastructure change and no one knows for sure how they would be affected.

You are reading stuff that isn't there.

Re:SlashBias (2, Interesting)

Iridium_Hack (931607) | more than 6 years ago | (#23077766)

I mostly agree - But wonder if another part of this will end out allowing Greater Penetration of the Internet public networks even as it limits access to the government ones. After all, if you have rights and abilities to break into networks in the public domain but never have to be concerned about the public breaking into yours, do as you wish. . . life is good! And no one will ever find out what you're doing.

If they really cared about doing it right, it wouldn't always be a one-sided standard protecting only government privacy. IMHO, they should also be pushing for internet privacy laws and security while going for the Federal Network.

Guess we'll know more as more comes out. .

My sig

The Issue with the George Bush Cyber Initiative... (1, Flamebait)

Skyshadow (508) | more than 6 years ago | (#23077106)

The big issue with the George Bush Cyber Initiative is that it's called "the George Bush Cyber Initiative".

Seriously, try saying that with a straight face: "the George Bush Cyber Initiative". Me, I'm picturing an old arcade cabinet-style version of Galga stuffed into a corner of that idiot's office (right next to the "Missile Command" cabinet that stands in as SDI).

Anyhow, just my first reaction, but it was good for a laugh on a Tuesday morning. Please go back to your normally scheduled conversation.

Re:The Issue with the George Bush Cyber Initiative (1)

snl2587 (1177409) | more than 6 years ago | (#23077188)

You're right, we need a new name for this sort of thing....hmm....well, the government will be putting up a sort of metaphorical "wall"....and the people who intrude will get burned, so "fire" would be good...maybe "Wall-Fire"...or "Fire-Wall"? Naw, it'll never catch on. I'll keep thinking...

Re:The Issue with the George Bush Cyber Initiative (0)

Anonymous Coward | more than 6 years ago | (#23077228)

"the George Bush Cyber Initiative"... ... the place where oxy meets moron.

Re:The Issue with the George Bush Cyber Initiative (1)

cez (539085) | more than 6 years ago | (#23077640)

"the George Bush Cyber Initiative"... ... the place where proxy meets moron.


...there, fixed that for you =)

Re:The Issue with the George Bush Cyber Initiative (0)

Anonymous Coward | more than 6 years ago | (#23078218)

Dang - why didn't I think of that? It's much better. I just knew that swictching to decaf was going to dull the old brainbox.

Re:The Issue with the George Bush Cyber Initiative (0, Offtopic)

Sfing_ter (99478) | more than 6 years ago | (#23077294)

My understanding was that George Bush's Cyber Initiative was getting Achy Breaky Heart onto his iPod, mission unaccomplished?

Re:The Issue with the George Bush Cyber Initiative (1)

aadvancedGIR (959466) | more than 6 years ago | (#23077386)

"The big issue with the George Bush Cyber Initiative is that it's called "the George Bush Cyber Initiative". "

They spend tens of billions (it will probably go into the hundreds in a few years) of our money implementing the worst possible solution to a simple design problem, ...so no, I don't see why that name is an issue.

Re:The Issue with the George Bush Cyber Initiative (5, Insightful)

Peter Simpson (112887) | more than 6 years ago | (#23077448)

The White House can't even manage to back up their emails. How are they going to manage a "Cyber Initiative"?

(whatever that is...I don't think I want to find out)

It's easy (0, Offtopic)

davidwr (791652) | more than 6 years ago | (#23077518)

When your initiative is to protect access to your emails so that people who don't need access can't get to them, even if that means people who should can't either, then it's mission accomplished.

Kind of like the Iraq war: The Saddam Hussain regime is forever prevented from controlling weapons of mass destruction in Iraq. Mission accomplished, damn the consequences.

Re:The Issue with the George Bush Cyber Initiative (4, Informative)

mweather (1089505) | more than 6 years ago | (#23078492)

Every single email in the white house's email system is backed up and available for congressional auditors. The problem is Bush (and at least 88 other officials) broke the law and used the RNC and Bush/Cheney '04 accounts for official business.

Re:The Issue with the George Bush Cyber Initiative (0)

Anonymous Coward | more than 6 years ago | (#23078704)

No doubt the Cyber Initiative will be spearheaded by Mark Foley. :-)

Re:The Issue with the George Bush Cyber Initiative (5, Funny)

magarity (164372) | more than 6 years ago | (#23077558)

stuffed into a corner of that idiot's office
 
Dude, what corner? His office is oval. Who looks like the bigger idiot now?

Re:The Issue with the George Bush Cyber Initiative (1)

hotwatermusic (911310) | more than 6 years ago | (#23077852)

Zing!

Re:The Issue with the George Bush Cyber Initiative (1)

techpawn (969834) | more than 6 years ago | (#23077608)

The big issue with the George Bush Cyber Initiative is that it's called "the George Bush Cyber Initiative".
I wonder if he did it to improve the damage done to his legacy. When we look back on this we'll curse him for the Iraq war. Then again how many of us still cringe when we hear Sarbanes or Oxley and what else did they do? If he can get his name attached to this maybe we will remember him for this instead...
And maybe if frogs has wings...

Re:The Issue with the George Bush Cyber Initiative (1)

Foolicious (895952) | more than 6 years ago | (#23078024)

Galaga. Galga is Spanish for gauge. I don't know what it might mean in other languages. Sorry for the spelling nazism, but I finally saw a chance to somehow rationalize all the quarters I wasted as a youngster.

Re:The Issue with the George Bush Cyber Initiative (0, Offtopic)

Skuld-Chan (302449) | more than 6 years ago | (#23078588)

I had much dirtier thoughts - I'm thinking of a bunch of Bush whitehouse people hanging out on RP servers all day trying to chat up skirts.

Re:The Issue with the George Bush Cyber Initiative (1)

jo42 (227475) | more than 6 years ago | (#23079996)

To screw things up takes an idiot. To really frack things up takes a Bush.

If government networks were secure by design . . . (5, Insightful)

mmell (832646) | more than 6 years ago | (#23077124)

instead of the more commoditized view of networking and security as two seperate entities, it might help.

TCP/IP was never intended to be secure. It was intended to be flexible, robust and fault-tolerant. Security was not incorporated in the design of TCP/IP networks, save as a kludge attached after the fact. Fine for most of us; but if security is critical, I recommend using a different technology at the network level, one which incorporates security at the fundamental level. Since these networks should already be defined as "dark" networks, the potential for inter-network connectivity issues should not be a major consideration.

Yes, DarpaNet is a remarkable invention - but it's the Model-T of the computing industry. Y'know how many guys got their arms broken by that bloody starter crank, before Henry F. incorporated a lead-acid battery and electric starting moter? Sure, the hand-crank works well enough, but it's time to come up with the next advancement, not to mandate more foam padding and other safety features for the arm-breaker.

hand-crank autos (1)

davidwr (791652) | more than 6 years ago | (#23077562)

Yeah, but back in the day you never had to worry about your battery dying.

Re:If government networks were secure by design . (1)

cfulmer (3166) | more than 6 years ago | (#23077680)

So, you're right that TCP/IP has some attributes which make it less than ideal for a number of applications. However, it has (literally) network effects--the protocol is more valuable because of the number of people using it--which is why it has eclipsed all the alternative technologies: DECNET, OSI/ISO, ATM, X.25, Frame Relay, etc.... (I know I'm mixing OSI layers there) Heck, IPv6 is having a hard time even though everybody has pretty much agreed to move to it.

Sure, if you wanted to, you could create a networking protocol with security built in at the lowest layers -- encryption in the data frames, maybe. (Or, more likely, adopt one that was created 15 years ago.) And then, you could create your own network cards that spoke the protocol, your own routers and switches and gateways. Along the way, you'd have to figure out how to solve all the problems that have been addressed in TCP/IP over the past 30 years. And then you'd have to retrofit it all to your existing infrastructure, train people on it and keep it up to date.

Along the way, you'd lose the ability to buy a $60 router or a $15 switch. In the end, it would cost far more than $30B. But, even worse, you'd lose the ability to adopt any future TCP/IP applications.

Re:If government networks were secure by design . (1)

mmell (832646) | more than 6 years ago | (#23077736)

As opposed to fighting a losing battle to secure networks based on a system which by design doesn't incorporate security features.

What's that going to cost, in terms of software design and implementation, training to effectively use and maintain those security kludges, and - oh, yeah, the odd intrusion/data loss which are inevitible?

Re:If government networks were secure by design . (1)

cfulmer (3166) | more than 6 years ago | (#23077970)

Well, the biggest security problem isn't really in the network protocol -- the intrusions that you see happening aren't really due to TCP/IP directly -- they're because of high-level holes in the software, stuff like not checking boundary conditions or sanitizing database inputs. Most intrusions are not really related to TCP/IP, except in an ancillary sense. Intrusions into supposedly secure networks are made from machines which are already authorized to communicate on those networks.

I don't see it as a losing battle. TCP/IP (well, UDP) also wasn't designed to carry voice traffic, but is now carrying a large majority of such traffic (even when a subscriber uses POTS.)

SSL is a reasonably good first step toward securing TCP/IP traffic. You can call it a "kludge" if you want, but it's very well-understood and fairly effective. SSH is another great example.

Re:If government networks were secure by design . (0)

Anonymous Coward | more than 6 years ago | (#23077924)

You don't even need to make your own cards. Make it run over Ethernet. You couls use ARP to resolve network addresses. The only thing that you'd have to design would be efficient routers, and that can all be prototyped in software. (Write a version for Linux or BSD or even Windows for the protcol, stick two cards in a machine, and do the routing that way.) Switches and hubs would still work properly. You'd have to encrypt the data before putting it on the wire. If that's a big deal, create a box that takes RJ45 in and puts RJ45 out and have it do the encryption. Again, this can all be done in software.

In short, it's easily doable. Now whether they'll hire the people who can do it effectively and efficiently, well, that's a different story.

for starters (0)

Anonymous Coward | more than 6 years ago | (#23077194)

that'll gettem a couple Cisco core routers w/service contracts, but not much else :D

Disarm?! (1)

iritant (156271) | more than 6 years ago | (#23077212)

The U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks.

Disarm an intrusion?! Because the intrusion is armed?

Re:Disarm?! (0)

Anonymous Coward | more than 6 years ago | (#23077780)

I was more alarmed at the naming of a classified program in the same breath as referencing a program to secure data.

How secure can their data be, if they can't even secure the name of a classified program?

Re:Disarm?! (2, Informative)

bleh-of-the-huns (17740) | more than 6 years ago | (#23079650)

Interesting that they named it at all, since the previous 3 names were classified as well, and everytime the name is made public, they rename it again. This time however they released it instead of it being leaked.

I was involved in the Einstein program during its early days in a previous life, it is actually quite useful, for monitoring all the traffic coming and going, as well as a historical searching.

The current implementation as far as I know (its been almost a year since I was involved) only has header data, no content (or rather first 16 bytes to determine the the type of traffic, useful for determining tunnelling), so privacy is still maintained.

Re:Disarm?! (1)

bleh-of-the-huns (17740) | more than 6 years ago | (#23079676)

Also, a program can be classified while the name is not. Since most purchasing of equipment for said programs is public record (procurement officers rarely have clearances).

Re:Disarm?! (1)

Foobar of Borg (690622) | more than 6 years ago | (#23077892)

Disarm an intrusion?! Because the intrusion is armed?
Of course. Once they [Iranians, al-Qaeda, whoever "they" are this week] get their troops and armaments loaded onto their trucks and start driving them through the tubes, there is no telling how much havoc they can wreak. Unless, of course, the tubes become clogged.

Could the article title have any more flamebait? (4, Insightful)

the computer guy nex (916959) | more than 6 years ago | (#23077222)

Bush Cyber Initiative Aims To Monitor, Restrict Access to Federal Network


This was obviously worded to stir the 'Left' trolling the comments.

The article speaks of data lost to China last year due to hackers on the Government network. If our tax dollars should pay for anything, it should be national defense and to protect this data.

Re:Could the article title have any more flamebait (0, Troll)

howdoesth (1132949) | more than 6 years ago | (#23077460)

If our tax dollars should pay for anything, it should be national defense and to protect this data.
I disagree, there's a market solution to this and every problem. Let's see... when the Chinese steal our data, it... ummm... reduces the value of that data to the point where it's not worth stealing? The important thing is that I don't want to pay taxes.

We need this! (0, Troll)

PC and Sony Fanboy (1248258) | more than 6 years ago | (#23077240)

Without this, how will the govn't know what sort of pr0n we're looking at?

Re:We need this! (1)

kitsunewarlock (971818) | more than 6 years ago | (#23077422)

...I'm assuming your a government employee? Or just someone who leeches a federal internet line?

Finally on target (3, Insightful)

booch (4157) | more than 6 years ago | (#23077352)

I'm glad to see that the Bush administration is finally on target with their network monitoring. They've been monitoring innocent citizens on the open Internet for years now. Pretty amazing that they'd do that before bothering to secure their own networks.

What's more amazing is that I'm still amazed by government stupidity and corruption.

Re:Finally on target (0, Flamebait)

Brad Eleven (165911) | more than 6 years ago | (#23077848)

This administration has been a consistent innovator in the areas of government stupidity and corruption. They have gone above and beyond what anyone could have expected in the realm of demonstrable incompetence. You won't see the liberal media reporting on these achievements; they actually try to use these record-breaking results to attack our Commander in Chief and his duly appointed minions.

One stop shopping for breaking in now... (0)

Anonymous Coward | more than 6 years ago | (#23077360)

Great.. so now the crackers have just one system they need to break into to get access to all the other ones.. Another brilliant idea from your idiot overlords.

Wait a second... (1)

Lookin4Trouble (1112649) | more than 6 years ago | (#23077376)

Wait a second, here... This is funded? Why the hell has money been taken from my (shrinking) budget to subsidize this program for my Cabinet-level Department???

Re:Wait a second... (1)

Notquitecajun (1073646) | more than 6 years ago | (#23077674)

Shrinking budget?? Man, in today's world, your representative SUCKS.

Firewalls (4, Insightful)

davidwr (791652) | more than 6 years ago | (#23077402)

I hope classified data already runs on its own networks isolated from the Internet. Some unclassified but sensitive data, such as taxpayer and social security data, should be given the same treatment.

When the technology allows for it, I expect most companies to do the same thing, limiting or eliminating access to their sensitive data from computers that have access to the Internet.

As for data that is supposed to be public, read-only copies - perhaps made nearly in real time - must be accessible to the public. If someone manages to break security and trash a read-only copy, the original data remains uncorrupted.

Re:Firewalls (0)

Anonymous Coward | more than 6 years ago | (#23077654)

I worked for a company once trying to get a DOD network contract.

The requirements were a completely separate network, with no connection to the "public" (ie what we think of as the internet) network.

The company had to build a completely separate backbone for the DOD data.

Re:Firewalls (3, Informative)

yuna49 (905461) | more than 6 years ago | (#23077838)

The BusinessWeek story tells of a forged email sent to a senior official at Booz, Allen Hamilton involved with sales of US military hardware. The From address was forged to be from a senior Defense Department official, and the message contained a trojan PDF attachment that included a keystroke logger. These sorts of targeted attacks ("spear-phishing") have been on the rise in the commercial sector as well.

But, let's analyze this particular event for a moment. First, why would Booz, Allen's email server accept as legitimate an email claiming to be from the Defense Department when it was sent through Korea and Yahoo? Messages like that ought to be blocked at the doorstep. I don't let mail with @aol.com From addresses in here unless they come from AOL's own servers. The fact that such an obviously illegitimate email could be accepted by one of America's largest defense contractors make me wonder how they recruit their network staff.

Next, why aren't they using public-key encryption, or at least digital certificates for authentication? Hell, they ought to be using SMTP-level encryption with certificates for every message sent by DOD mail servers to their contractors. We're apparently more concerned about regulating the privacy of people's health information through HIPAA rules than we are about the privacy and security of communications between the military and its contractors. If you send an email with "patient health information" between providers in the clear, you could be in a heap of trouble. Why doesn't that mindset apply to defense contractors who have a lot more money to spend on this stuff than health providers?

The article also glosses over the role that the Microsoft monoculture plays in all this. Some of these attacks target OS to install things like keyloggers, but another large chunk apparently exploit Office applications like Word, Powerpoint, and Access. The article suggests that a large amount of militarily-sensitive data is kept in Access databases which make them an appealing target. Apparently the intent is to burrow small modules into Access databases that ship out the data in the background when the database is opened. Last time I looked, Access wouldn't really be my choice for a database designed to hold and protect militarily-sensitive data.

While it might be nice to think of the problem as somehow analogous to closing the borders, it looks to me like the usual security principle applies. It matters more who and what's behind the firewall than what's coming in.

BTW, the whole focus on the guy running a domain registration service in China was patently ridiculous. Of course, no one with a throwaway GoDaddy account ever used it to hack into something; it's only those devious Chinese who've figured this out.

Re:Firewalls (1)

chrishillman (852550) | more than 6 years ago | (#23080758)

Wha?? ...there is so much to address...


Do you run an SMTP server for a major corporation? If you were to block every "probably forged" email then your users would beat your door down with their torches and pitchforks. The truth is that thanks to the nature of SMTP email you (as a "knowledgeable" user) can't trust the email in your inbox, let alone a PHB and their inbox.

Normally forged email is obvious. The gist of this article is that the mail contained specific information that made the email look more legit than usual.

If you were at a bolt factory and your CEO got an email from a nut fab that you normally do business with about a specific deal that was in the works, that just happened to contain an attachment - would your CEO be crazy to open the attachment?

DNS/PKI blah, blah, blah.. SMTP by nature (and email clients) do not make it easy to see if the email was forged. PKI would be nice but has yet to come to common use (corporations get silly amounts of emails from equally sill numbers of unique servers, who would hold the public keys? Could they be hacked?)

Monoculture is another word for managed infrastructure. Would your CEO be best served by having a totally oddball configuration just to prevent a keylogger from getting installed? How would you support such an infrastructure? With 24 different OSs on your network, how do you determine what traffic is legit and what is a bot calling home? What do you pay your helpdesk people to support all those OSs? Admins to keep them patched?

The posted article points to the possibility to finally manage all federal networks from a single point in the same way.

To have boundary protection you have to establish a boundary -- this would be the "Fednet" or whatever and there would be protection at those 100 points instead of thousands of unique points.

I think it is a great move and about time, it is what people had expected to be in place already. "They weren't doing that before?"
"No"
"Well that is dumb, they should do it now then."

Re:Firewalls (0)

Anonymous Coward | more than 6 years ago | (#23078260)

"....Some unclassified but sensitive data, such as taxpayer and social security data, should be given the same treatment...."

Hehehe. IRS' upgrade is a known failure.

SSA uses IE6, as do many many other gov't agencies. One idiot downloading a video can paralyze SSA's entire network, and has done. Many SSA applications are web-based now. But it's not one record one application per citizen, but rather patch-job-to-legacy-to-local-to-regional-to the mainframe-and back again. Security? Ha.
The resources just aren't there.

Ooops.

Re:Firewalls (0)

Anonymous Coward | more than 6 years ago | (#23078484)

Unless someone makes a major booboo, through accident or intentionally, it's impossible for classified information to reach "The Internet" as civilians refer to it. All classified information from the DoD is on a seperate network worldwide... a second internet if you will. There are no physical connections anywhere in the world that intersect the 2 disparate networks.

Please spread the word, because I have to type something like this damn near every month on Slashdot to re-inform people. If you think you have a "grand idea" on how to fix classified information, it's already been thought of and is being done already on the seperate classified network.

Hell, there's provisions where the class/unclass equipment has to be X number of feet apart, and no cables exist within facilities that are long enough to reach both (6 feet seperation / 4 foot cables) to prevent accidental connections.

Security of data almost always come down to the final vulnerability that no IT manager can account for directly: the User.

Re:Firewalls (1)

davidwr (791652) | more than 6 years ago | (#23079466)

TFA is about sensitive info that isn't classified.

By major boo-boo, do you mean accidentally talking about work with your best friend who then blogs about it? Oops.

How this will impact public information resources (3, Informative)

wiredog (43288) | more than 6 years ago | (#23077412)

such as the Library of Congress, ... or even the US Congress remains to be seen.

Since the LoC and Congress are Legislative branch, and the President's Cyber Policy is from the Executive branch, I'd say "very little".

Re: How this will impact public information resour (1)

techpawn (969834) | more than 6 years ago | (#23077746)

nd the President's Cyber Policy is from the Executive branch, I'd say "very little".
What about the VP [nwsource.com] ?

Re: How this will impact public information resour (0)

Anonymous Coward | more than 6 years ago | (#23079432)

The Library of Congress is already securing their site with Silverlight. Since few will install the plug-in, the data will remain nearly inaccessible.

I've got a better idea (1)

TheRealMindChild (743925) | more than 6 years ago | (#23077516)

Just make it mandatory that a government agency has to use NetBEUI as their network protocol, using MS Proxy Server as their gateway to the tubes. Hacking potential goes WAY down.

Re:I've got a better idea (0)

Anonymous Coward | more than 6 years ago | (#23082426)

I followed you, up until you said 'MS Proxy Server.'

How about we not rely on a company that has fucked up security in every single software application they have written?

Byzantine Foothold? (0)

Anonymous Coward | more than 6 years ago | (#23077564)

Shame they wouldn't follow another byzantine princple which was a stable currency. A gold coin called the bezant which lasted 800 years. Will the USD (the federal reserve issued one that is) last anything close to that? I'm thinking not.

Proposed security measures... (5, Funny)

vmxeo (173325) | more than 6 years ago | (#23077566)

Well, if it follows the same pattern of security as other parts of the government, each packet will be required to show two forms of government-issued ID, restrict its data to whatever it can fit into 3 ounce bottles in a clear quart-sized bag, and remove its shoes. Additionally, packets will also be subject to a "No-Route" list, and may also be randomly pulled aside for deep inspection. It will be suggested for packets to arrive at least 1 hour earlier (2 for international routing) for the extra queue length caused by the increased security.

Dude! (1)

dens (98172) | more than 6 years ago | (#23077578)

They can't eevn back up their emails...

Sorry, just the first thing that came to mind. ;-p

Re:Dude! (1)

dens (98172) | more than 6 years ago | (#23077592)

Then again, I can't even type 2 lines without typos. I'm sipping cappuccino now to alleviate that problem (c'mon, it's not even noon!).

Packet inspection (1)

Wowsers (1151731) | more than 6 years ago | (#23077600)

Knowing governments, they will specify an implementation like:

This internal email is incriminating, set archive bit to not archive.

Can't be done by June 2008. (2, Insightful)

RNLockwood (224353) | more than 6 years ago | (#23077760)

Reduce access to 100 sites by June 2008? That must be a typo unless work is already started. I would imagine that it would require leases on buildings, secure power, purchase and installation of electronics, and training, hiring, and relocation of people to run it. All in two months? I don't think that could be accomplished even if the sites were run by private companies who get non-competitive contracts. Oh, is that the point?

Federal Network (1)

mrbah (844007) | more than 6 years ago | (#23077770)

Would You Like To Know More?

Deathnutz (1)

Deathnutz (1184573) | more than 6 years ago | (#23078186)

If only Government was "open source"...

Classified? (1)

Egonis (155154) | more than 6 years ago | (#23078500)

Uhmm. So this is a classified project?

Then why do we know about it?

Re:Classified? (1)

ahippo (878767) | more than 6 years ago | (#23078640)

Because the existance of a program is unclassified unless the mere mention of a its existance threatens national interests and security. Example: The Army is hunting terrorists in Iraq = Unclassified Terrorist X is currently thought to be at location Y = Classified

thought it was a story on the LOC and MS Silverlig (1)

Locutus (9039) | more than 6 years ago | (#23078512)

But it is only about shutting the windows of government workers and forcing everyone else through a handful of guarded doors with frisking. As if anybody currently expects some kind of free pass today with how the current admin is running this country. They shouldn't if they do.

Now, I wonder if every entry point will have a pop up asking of you are really sure you want to move forward to the next page? ;-)

LoB

Dont expect much (1)

ZenDragon (1205104) | more than 6 years ago | (#23078594)

Get your Trojans in while there is still time!

Actually on a serious note; I used to work for the Governors Office which we had locked down fairly well behind two firewalls (edge and office), and an active IDS system. When the DCOM viruses started hitting hard we saw an enourmous influx of traffic coming from Department of Defence, Homeland Security, and FBI, networks. Taking a sip from the fire hose with etheral showed that over 98% of it was DCOM exploit attempts coming from well over 1000 unpatched windows boxes, leading me to believe that they had all been massivly infected.

Doesnt speak very highly of the agencies that we are supposed to be relying on to protect us does it? It took them weeks to get things under control. All told, we had ONE infected machine in our network from a laptop that had been off site that was shut down within 5 minutes of being plugged in to the network, and wasnt able to infect even one other machine.

Point is, based on my experience working for the man, and things I have seen both there and within other agencies that I had the opportunity to work with. Anybody with some rudamentary knowledge, and access to metasploit or something, could likely compromise any one of these agencies with ease provided they knew where to plug in. With the exception of a select few agencies such as the NSA, the government in general is not as advanced as people seem to think they are. Once you get past their edge firewalls its pretty much free reign in a surprisingly open network.

The entire state government where I live is on one huge FDDI ring, with one of a hundred thousand places to plug a laptop in that have no checks or boundries on them at all. In fact, half or more of the state agencies dont even have firewalls within the FDDI ring, and use public addresses for their workstations, without even NAT'ing network traffic. Go figure.

Anyhow, Im glad they are finally actually taking a look at these problems.

Oh the irony (3, Insightful)

Hoi Polloi (522990) | more than 6 years ago | (#23078676)

Does anyone see the irony in calling a large scale government information project "Byzantine [learnthat.com] "?

Centralization + Security (1)

ahippo (878767) | more than 6 years ago | (#23078738)

The ball has been rolling to reduce the number of entry points to government networks for a long time. For example, the DoD's Defense Information Systems Agency has been awarding contracts to agencies to try to reduce the amount of entry points to their systems to allow for better centralized management and security. The Air Force even threw extra money at it for their own systems:
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/12-17-2003/0002077687&EDATE= [prnewswire.com]

They need to do what the DOD has done (1)

Chabil Ha' (875116) | more than 6 years ago | (#23079638)

and get all their sensitive material on the SIPRNet [wikipedia.org] (or something like it) where it should belong. Nothing should reachable from the public network.

Taking bets? (1)

bitspotter (455598) | more than 6 years ago | (#23081470)

What are the odds the Federal Internet goes down first?

Seriously, do they really think this failocracy can secure and buttress its own networks better than the open Internet everyone else uses?

I'll give them this, though: At least they're having the common courtesy to try and keep attacks on the federal government from affecting my Internet. Damn kind of them.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?