|
"NSA is doing everything possible to monitor the safety of US Government networks," he said it the day before the Energy Department story surfaced. The next day, I called him back and asked the same question. I received the same answer. Next I called a congressional aide and asked his opinion on the subject. He answered, "I´ll speak to my boss."
Is our government serious about computer security? The recent revelations about Energy Department insecurity bring a startling question to light -- how secure are our national secrets?
Los Alamos National Laboratories needed a severe breach of security to impliment an `air block.´ An air block is a physical block between outside networks and `secure´ networks.
Back in the seventies, a group of hackers (crackers) from West Germany were caught trying to break into Pentagon computer networks. The Pentagon couldn´t have cared less -- they exhibited little or no interest, not even bothering to close security holes (you can read more about this in The Cuckoo´s Egg, which is available in the OSAll Bookstore.)
Has the government´s attitude changed at all? Our military is becoming increasingly reliant on computers in everything it does... cruise missiles are flown and built through computers and nuclear weapons testing is computer simulated. Even air traffic control systems are computer based. In fact, the water purification trucks used in Desert Storm were run by computers.
Obviously, many of these systems are vulnerable to what´s known as an EMP blast, where a nuclear weapon is exploded in the atmosphere. Electromagnetic pulses are released, disabling any silicon-based stuff out there which isn´t shielded against EMP. That, however, is besides the point.
What happens when a foreign power (the Pentagon crackers were hired by the KGB, incidentally) decides to infiltrate our nation´s computer networks to ferret out information?
Ships in the Navy carry many secret systems... and there´s now a pilot program in which an entire ship is run through Windows NT! We all know how notoriously insecure NT is, so how can the Navy justify running a warship off it? What would happen if say you, me, or Yugoslavia decided to play with a ship´s registry?
In the entire Armed Forces of the United States, less than a hundred soldiers, sailors and airmen (and I emphasize the word less) are devoted to computer security -- and few of those full-time. The onus is often left on outside agencies such as NSA to handle some computer security, and the resentment against such outside involvement in the Armed Forces is fierce.
The military needs to develop a warfighting unit, much like a reconnaisance team, a SEAL team or a flight of Apaches, to secure our nation´s computers. And they need to be given full reign to put security above usability.
Our nation needs to act -- and now. |
