Bush Cyber Initiative Aims To Monitor, Restrict Access To Federal Network 120
dstates writes "Details of George Bush's Cyber Initiative are beginning to trickle out. The Cyber Initiative was created in January to secure government against electronic attacks. Newsweek says that over the next seven years, Bush's Cyber Initiative will spend as much as $30 billion to create a new monitoring system for all federal networks, a combined project of the DHS, the NSA and the Office of the Director of National Intelligence. The U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks. ComputerWorld reports that all data traffic flowing through agency networks will be checked, and that it will be inspected at a deeper level than the current system is capable of. BusinessWeek, meanwhile, reports that one requirement is to reduce the number of internet access points in the Federal Government from the thousands now in use to only 100 sites by June 2008. How this will impact public information resources such as the Library of Congress, National Library of Medicine or even the US Congress remains to be seen."
Re:$30 billion? (Score:3, Informative)
No, they are itemizing Cisco Pix firewalls at $500,000 a pop. Not including labor.
How this will impact public information resources (Score:4, Informative)
Since the LoC and Congress are Legislative branch, and the President's Cyber Policy is from the Executive branch, I'd say "very little".
Re:Firewalls (Score:4, Informative)
But, let's analyze this particular event for a moment. First, why would Booz, Allen's email server accept as legitimate an email claiming to be from the Defense Department when it was sent through Korea and Yahoo? Messages like that ought to be blocked at the doorstep. I don't let mail with @aol.com From addresses in here unless they come from AOL's own servers. The fact that such an obviously illegitimate email could be accepted by one of America's largest defense contractors make me wonder how they recruit their network staff.
Next, why aren't they using public-key encryption, or at least digital certificates for authentication? Hell, they ought to be using SMTP-level encryption with certificates for every message sent by DOD mail servers to their contractors. We're apparently more concerned about regulating the privacy of people's health information through HIPAA rules than we are about the privacy and security of communications between the military and its contractors. If you send an email with "patient health information" between providers in the clear, you could be in a heap of trouble. Why doesn't that mindset apply to defense contractors who have a lot more money to spend on this stuff than health providers?
The article also glosses over the role that the Microsoft monoculture plays in all this. Some of these attacks target OS to install things like keyloggers, but another large chunk apparently exploit Office applications like Word, Powerpoint, and Access. The article suggests that a large amount of militarily-sensitive data is kept in Access databases which make them an appealing target. Apparently the intent is to burrow small modules into Access databases that ship out the data in the background when the database is opened. Last time I looked, Access wouldn't really be my choice for a database designed to hold and protect militarily-sensitive data.
While it might be nice to think of the problem as somehow analogous to closing the borders, it looks to me like the usual security principle applies. It matters more who and what's behind the firewall than what's coming in.
BTW, the whole focus on the guy running a domain registration service in China was patently ridiculous. Of course, no one with a throwaway GoDaddy account ever used it to hack into something; it's only those devious Chinese who've figured this out.
Re:The Issue with the George Bush Cyber Initiative (Score:4, Informative)
Re:$30 billion? (Score:1, Informative)
Re:Disarm?! (Score:3, Informative)
I was involved in the Einstein program during its early days in a previous life, it is actually quite useful, for monitoring all the traffic coming and going, as well as a historical searching.
The current implementation as far as I know (its been almost a year since I was involved) only has header data, no content (or rather first 16 bytes to determine the the type of traffic, useful for determining tunnelling), so privacy is still maintained.