In the wake of Pentagon-based U.S. Army Pfc. Bradley Manning’s leaks of thousands of files from SIPRNET — the Defense Department’s internal version of the Internet — to Wikileaks, all branches of the U.S. Armed Forces are ordering troops to stop using portable or removable media. Military personnel caught using CDs, DVDs, thumb drives or other removable media risk court martial, reads a Dec. 3 order from Major General Richard Webber, commander of Air Force Network Operations.
Your comments are pretty superficial as to the problem and the potential solution(s).
The problem (Wikileaks)stems from a systemic problem with all large organizations, both private and government, when dealing with technology.
In any large organization money is prioritized by perceived need. And the people prioritizing the money today are not technically competent to any significant degree.
In virtually every organization, money spent on security is generally 'soft money' meaning funds not being spent directly on mission critical actions. Soft money is hard to come by and an easy target for any reorganization or austerity program.
Determining the value of software which will increase sales or improve the flow of timely intelligence to the front line forces is a mature art. (Mature art being process and procedures generally agreed to be defensible as industry 'standard'.) Determining the value of 'security' is much more difficult.
You can value the protection against proven threats (anti-virus software and frequent applications of 'patches') relatively easily. Since 'everyone' has seen or at least read about the damage that can occur by not spending the money, funding is relatively easy to get approved.
But many threats (including perhaps the most dangerous ones) are not 'real' in the eyes of senior management. The threat hasn't been widely reported on in the Wall Street Journal and other major news outlets and therefore does not exist in their perception.
Even for threats in the public eye, their analysis is very often that the threats are more costly to prevent than to 'fix' if they occur. This view will prevail until someone delivers thousands of 'secret' documents to Wikileaks or breaks in and steals the plans for your latest weapons systems. At that point it becomes a problem which may deserve funding. In any event, the incident provides the opportunity for 'armchair quarterbacks' to endlessly debate 'what we did wrong'.
It is worth it to consider in this light the huge hole in our nation's security created by the fact that ALL of our major internet components are supplied by factories located in countries that are very likely to become opponents in warfare either economic or physical combat.
The problem is compounded by the fact that virtually all of our weapons and combat systems contain chips produced in the same countries.
None of these products have been tested for dormant functionality that could be activated by a foe destroying our economy by disabling the internet, disabling our weapons systems (smart bombs, satellites, command and control, weapons aiming and guidance systems.... the list is incredibly long) or both.
The cost of rectifying this potential is enormous, almost beyond our ability to deal with. Take your own best guess what it would cost to replace every suspect component in the internet and all future components with Made in the USA products (all produced by American owned companies within our borders and designed by security vetted designers).
Currently every major company in this market has foreign connections, even direct ownership by foreign nationals. None have the facilities to produce the products in the US, because like our cellphones most of the components and all of the assembly has been outsourced to countries potentially our 'enemies'. We don't even have a comprehensive program for testing devices we buy and verifying that the actual devices delivered conform to the tested unit(s).
The arguments against 'fixing' the problem include the national debt, distrust of our military and military suppliers, inability of decision makers and voting public to understand the threats, opposition by corporations to either oversight or radical changes to their interrelationships, inability to comply (huge foreign national presence in design and testing plus no US based factories), etc.
Hardware isn't the only problem. Windows, which struggles to meed even consumer level security requirements, is an integral part of our military systems. Not a problem you say, the Captain of the USS Yorktown might disagree after he found himself adrift without power for over 3 hours due to a program glitch in a control system front ended by Windows NT.
If a major disruption to our economy or failure of a mission critical military system occurs, the outrage and second guessing will be legion.
If anyone has an effective and practical (both economic and politically) our nation could sure use it.
What a joke our Government is. All the Agencies created DHS, CIA,FBI, and yet we don't protect documents. Are we really that stupid? Yes we are and here's why. Because people are lazy and lack the willingness to take the extra steps to do so. Sorry to say our Government is just like any consumer who mostly lacks much security when it comes to their documents. I am sure our Government will create yet another Agency to tackle this problem and yet I see nothing changing except for it taking more tax revenue.
Loading ...
Military Gives External Media Devices Marching Orders
Posted by: Mike Martin December 10, 2010 12:55 PMIn the wake of Pentagon-based U.S. Army Pfc. Bradley Manning’s leaks of thousands of files from SIPRNET — the Defense Department’s internal version of the Internet — to Wikileaks, all branches of the U.S. Armed Forces are ordering troops to stop using portable or removable media. Military personnel caught using CDs, DVDs, thumb drives or other removable media risk court martial, reads a Dec. 3 order from Major General Richard Webber, commander of Air Force Network Operations.
The problem (Wikileaks)stems from a systemic problem with all large organizations, both private and government, when dealing with technology.
In any large organization money is prioritized by perceived need. And the people prioritizing the money today are not technically competent to any significant degree.
In virtually every organization, money spent on security is generally 'soft money' meaning funds not being spent directly on mission critical actions. Soft money is hard to come by and an easy target for any reorganization or austerity program.
Determining the value of software which will increase sales or improve the flow of timely intelligence to the front line forces is a mature art. (Mature art being process and procedures generally agreed to be defensible as industry 'standard'.) Determining the value of 'security' is much more difficult.
You can value the protection against proven threats (anti-virus software and frequent applications of 'patches') relatively easily. Since 'everyone' has seen or at least read about the damage that can occur by not spending the money, funding is relatively easy to get approved.
But many threats (including perhaps the most dangerous ones) are not 'real' in the eyes of senior management. The threat hasn't been widely reported on in the Wall Street Journal and other major news outlets and therefore does not exist in their perception.
Even for threats in the public eye, their analysis is very often that the threats are more costly to prevent than to 'fix' if they occur. This view will prevail until someone delivers thousands of 'secret' documents to Wikileaks or breaks in and steals the plans for your latest weapons systems. At that point it becomes a problem which may deserve funding. In any event, the incident provides the opportunity for 'armchair quarterbacks' to endlessly debate 'what we did wrong'.
It is worth it to consider in this light the huge hole in our nation's security created by the fact that ALL of our major internet components are supplied by factories located in countries that are very likely to become opponents in warfare either economic or physical combat.
The problem is compounded by the fact that virtually all of our weapons and combat systems contain chips produced in the same countries.
None of these products have been tested for dormant functionality that could be activated by a foe destroying our economy by disabling the internet, disabling our weapons systems (smart bombs, satellites, command and control, weapons aiming and guidance systems.... the list is incredibly long) or both.
The cost of rectifying this potential is enormous, almost beyond our ability to deal with. Take your own best guess what it would cost to replace every suspect component in the internet and all future components with Made in the USA products (all produced by American owned companies within our borders and designed by security vetted designers).
Currently every major company in this market has foreign connections, even direct ownership by foreign nationals. None have the facilities to produce the products in the US, because like our cellphones most of the components and all of the assembly has been outsourced to countries potentially our 'enemies'. We don't even have a comprehensive program for testing devices we buy and verifying that the actual devices delivered conform to the tested unit(s).
The arguments against 'fixing' the problem include the national debt, distrust of our military and military suppliers, inability of decision makers and voting public to understand the threats, opposition by corporations to either oversight or radical changes to their interrelationships, inability to comply (huge foreign national presence in design and testing plus no US based factories), etc.
Hardware isn't the only problem. Windows, which struggles to meed even consumer level security requirements, is an integral part of our military systems. Not a problem you say, the Captain of the USS Yorktown might disagree after he found himself adrift without power for over 3 hours due to a program glitch in a control system front ended by Windows NT.
If a major disruption to our economy or failure of a mission critical military system occurs, the outrage and second guessing will be legion.
If anyone has an effective and practical (both economic and politically) our nation could sure use it.