Re: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 08/20/04

    To: Christopher Hicks <chicks@chicks.net>, Firewall Wizards Mailing List <firewall-wizards@honor.icsalabs.com>
    Date: Fri, 20 Aug 2004 14:27:48 -0400
    
    

    Christopher Hicks wrote:
    >Maybe if we weren't spending so much money sacrificing our military might in the Middle East we'd have enough money left over to run our Top Secret network?

    That is utterly bogus logic. There's plenty of money; the problem is that it's
    not spent efficiently since the government has virtually no in-house expertise
    and outsources everything to beltway bandits for implementation. The
    Government spends massive amounts of money on information technology;
    "lack of money" is not the issue; it is the expense that comes from
    "lack of clue."

    If you read the article and are at all familiar with the DOD's GIG plans, you'll
    know it's not about cost; it's about availability, ubiquity, and failover. The next
    generation army cannot unroll a T-1 line behind them as they go; the question
    is how to leverage existing bandwidth to accomplish a mission. Obviously,
    security and trust boundaries are a huge question mark in that discussion.
    But it's a discussion worth having. It's being had - but not in this forum. :)

    Another thing to consider: that article appeared to be based on comments
    from someone at DISA. You need to understand that, like with every other
    large multi-agency project, GIG is beset with politics. It is possible that
    what we are seeing is one agency peeing on another's plans to the media
    in an attempt to derail their approach in favor of another one. In The
    Government right now security is in an interesting spot: there's budget
    for it so grabbing for the feed-bag is attractive to empire-builders, but
    it's hard and there's a chance of failure and consequent damage to
    the empire being built. Typically that translates to calls for more money,
    because when you're working with beltway bandits and you have no
    in-house IT expertise, having lots of extra $$ to blow is seen as a
    hedge against failure.

    > As much of a pain in the *** as physically separate is to maintain we've seen clearly given how various widely respected crypto algorithms have been undermined just in recent weeks that as vital and necessary as crypto is that it doesn't provide a complete solution.

    When I read that article, the only thing I could interpret it as was an
    attempt by the DISA spokesperson to pee on someone else's idea.
    But - yes - there are bad ideas in play and they may come to fruition.
    Goodness, me, that's never happened before! :)

    > We won't have to worry about anybody at Los Alamos losing hard drives anymore when our Latest Terrorist can just crack a poorly administered firewall.

    Then which is the greater threat? The Terrorist, or the lack of good
    administration?

    Our "digital Pearl Harbor" is staring us in the face, and we've already
    lost it. It happened in the 90's when The Government decided that
    in-house expertise was too expensive and outsourcing everything
    to beltway bandits made more sense. The result is a federal IT
    staff that know how to read powerpoints and proposal responses.
    They don't manage those firewalls, they're managed by contractors.
    By the lowest bidder in many cases.

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

