Bush Cyber Initiative Aims To Monitor, Restrict Access To Federal Network

dstates writes "Details of George Bush's Cyber Initiative are beginning to trickle out. The Cyber Initiative was created in January to secure government against electronic attacks. Newsweek says that over the next seven years, Bush's Cyber Initiative will spend as much as $30 billion to create a new monitoring system for all federal networks, a combined project of the DHS, the NSA and the Office of the Director of National Intelligence. The U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks. ComputerWorld reports that all data traffic flowing through agency networks will be checked, and that it will be inspected at a deeper level than the current system is capable of. BusinessWeek, meanwhile, reports that one requirement is to reduce the number of internet access points in the Federal Government from the thousands now in use to only 100 sites by June 2008. How this will impact public information resources such as the Library of Congress, National Library of Medicine or even the US Congress remains to be seen."

Re:$30 billion?

[morgan_greywolf]

Are they really itemizing hammers for $300, toilet seats for $1000? Are government contractors just taking us to the cleaners?

No, they are itemizing Cisco Pix firewalls at $500,000 a pop. Not including labor.

How this will impact public information resources

[wiredog]

such as the Library of Congress, ... or even the US Congress remains to be seen.

Since the LoC and Congress are Legislative branch, and the President's Cyber Policy is from the Executive branch, I'd say "very little".

Re:Firewalls

[yuna49]

The BusinessWeek story tells of a forged email sent to a senior official at Booz, Allen Hamilton involved with sales of US military hardware. The From address was forged to be from a senior Defense Department official, and the message contained a trojan PDF attachment that included a keystroke logger. These sorts of targeted attacks ("spear-phishing") have been on the rise in the commercial sector as well.

But, let's analyze this particular event for a moment. First, why would Booz, Allen's email server accept as legitimate an email claiming to be from the Defense Department when it was sent through Korea and Yahoo? Messages like that ought to be blocked at the doorstep. I don't let mail with @aol.com From addresses in here unless they come from AOL's own servers. The fact that such an obviously illegitimate email could be accepted by one of America's largest defense contractors make me wonder how they recruit their network staff.

Next, why aren't they using public-key encryption, or at least digital certificates for authentication? Hell, they ought to be using SMTP-level encryption with certificates for every message sent by DOD mail servers to their contractors. We're apparently more concerned about regulating the privacy of people's health information through HIPAA rules than we are about the privacy and security of communications between the military and its contractors. If you send an email with "patient health information" between providers in the clear, you could be in a heap of trouble. Why doesn't that mindset apply to defense contractors who have a lot more money to spend on this stuff than health providers?

The article also glosses over the role that the Microsoft monoculture plays in all this. Some of these attacks target OS to install things like keyloggers, but another large chunk apparently exploit Office applications like Word, Powerpoint, and Access. The article suggests that a large amount of militarily-sensitive data is kept in Access databases which make them an appealing target. Apparently the intent is to burrow small modules into Access databases that ship out the data in the background when the database is opened. Last time I looked, Access wouldn't really be my choice for a database designed to hold and protect militarily-sensitive data.

While it might be nice to think of the problem as somehow analogous to closing the borders, it looks to me like the usual security principle applies. It matters more who and what's behind the firewall than what's coming in.

BTW, the whole focus on the guy running a domain registration service in China was patently ridiculous. Of course, no one with a throwaway GoDaddy account ever used it to hack into something; it's only those devious Chinese who've figured this out.

Re:The Issue with the George Bush Cyber Initiative

[mweather]

Every single email in the white house's email system is backed up and available for congressional auditors. The problem is Bush (and at least 88 other officials) broke the law and used the RNC and Bush/Cheney '04 accounts for official business.

Re:$30 billion?

[Anonymous Coward]

I'd like to find out which Government branch is buying hammer's for $300.00 and toilet seats for $1,000.00. Our company is a government contractor selling technology supplies and IT solutions to Dept of Defense and Homeland Security. We have to get special Federal pricing from the Manufacturers which is considerably less than comercial pricing for the private sector. Our profit margins are so minimal, think of 4 to 6 percent of cost. If what you are saying has any weight of truth then perhaps we will add hammers and toilet seats to our product line. Please advise as to any other products that we should consider.

Re:Disarm?!

[bleh-of-the-huns]

Interesting that they named it at all, since the previous 3 names were classified as well, and everytime the name is made public, they rename it again. This time however they released it instead of it being leaked.

I was involved in the Einstein program during its early days in a previous life, it is actually quite useful, for monitoring all the traffic coming and going, as well as a historical searching.

The current implementation as far as I know (its been almost a year since I was involved) only has header data, no content (or rather first 16 bytes to determine the the type of traffic, useful for determining tunnelling), so privacy is still maintained.