
George Tenet landed a keynote gig with FCW Media's show that targets the Homeland Security line items in the federal agency computing budgets. The AP reported that Tenet insisted that national media be kept out, only allowing in reporters for Federal Computer Weekly and similar trade publications.
The great theme was computing security infrastructure in the age of terror. His speech was the usual messy tangle policy people end up with when they try to do security. Spineless agencies with budget and without clue, and businesses with budget and without clue and indifferent to ROI should do a lot of spending on ... bandaids.
What are the two greatest threats to the security of the computing infrastructure?
If you answered (a) on the order of 10^8 attack platforms, and (b) millisecond latency data fabric, that is, (a) a shared-fate protection model (none) common operating system architecture, and (b) IP over cable data network and IP over digital subscriber loop, that is, (a) Windows and (b) broadband, that is, criticality, then you were paying attention.
The US Government is coming to the Internet, but it's going to miss Redmond, the FCC's media consolidation brief, and the wreckage of the dotGone telco buildouts.
The US Government isn't going to provide what the Belgian Government is already providing each e-citizen. Have you any idea how cool having 24 (48 if you dump the Flams verso) one-time code pads is? OK, so it's a pseudo-random jump into a 48-entry code table challenge-response system. That is still wicked cool in a highly phished and worse world.
Update: Here's a topical read: Spammers hide behind the Great Wall, by Collin Galloway in Asia Times.
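The code-card challenge-response described in the post, sketched from the portal side as an added example (not part of the original post, and not the Belgian portal's actual implementation). The 48-entry table comes from the post; the code length, the lockout threshold and all names are assumptions.

```python
import hmac
import secrets

TABLE_SIZE = 48        # entries on the card, as described in the post
CODE_DIGITS = 6        # assumed code length; the post does not give one
MAX_FAILURES = 3       # assumed lockout threshold


class CodeCardVerifier:
    """Portal-side state for one user's printed code card (hypothetical design)."""

    def __init__(self):
        # Issue the card: 48 independent random codes from a CSPRNG.
        self.table = [f"{secrets.randbelow(10**CODE_DIGITS):0{CODE_DIGITS}d}"
                      for _ in range(TABLE_SIZE)]
        self.pending = None    # index of the outstanding challenge, if any
        self.failures = 0

    def challenge(self):
        """Return the 1-based card position the user must answer."""
        if self.failures >= MAX_FAILURES:
            raise PermissionError("card locked")
        # Keep an unanswered challenge: letting the client re-roll would let
        # someone holding a few phished entries wait for an index they know.
        if self.pending is None:
            self.pending = secrets.randbelow(TABLE_SIZE)
        return self.pending + 1

    def verify(self, response):
        """Check the response against the pending challenge only."""
        if self.pending is None or self.failures >= MAX_FAILURES:
            return False
        expected = self.table[self.pending]
        ok = hmac.compare_digest(expected.encode(), str(response).encode())
        if ok:
            self.pending = None     # next login gets a fresh index
            self.failures = 0
        else:
            self.failures += 1      # same challenge stays pending
        return ok


def exposure_after(observed_logins):
    """Expected fraction of the table seen by someone watching n logins.

    Entries are reused, so this is not a true one-time pad: coverage grows
    as 1 - (1 - 1/48)^n.
    """
    return 1 - (1 - 1 / TABLE_SIZE) ** observed_logins
```

Because entries are reused, an observer of 48 logins is expected to have seen about 64% of the card, which is why the lockout and the pinned challenge matter.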
Haha, I thought you had somehow procured the Belgian version of the nuclear launch code card. Still definitely cool, but I assume Belgians also have national citizen database.
As for the common OS, aren't there enough Win98/95/DOS systems in mission-critical areas of the economy, as well as non-MSFT installed-base that'll survive without a problem? Enough web-content will be saved by GOOG's coolest computer in the world. It seems to me that the real danger is concentrated in only those systems that rely on Win for mission-critical tasks.
Fair to cast the problem as one of software not catching up to hardware in the last few years?
Posted by: Peatey at December 12, 2004 11:34 PM
It is for C/R between users of the government portal and the portal operator. It could be proxied out to my region (Bruxelles/Brussel) and commune (Ixelles/Elsene) government portals, to my bank (CGER), and so on, or be the root for additional cards for direct (and non-proxied, unshared) use by these other portals.
Is a national ID system a predicate condition? No. I only have one credit card in my wallet, but I understand I could have more, and they don't come from "government".
See PGP vs x.509 (web of trust vs trees of certification) generally.
What does "survive without a problem" mean when the criticality is continuous? Unlike y2k (in several ways), and worm/virus propagation events (machine recruitment events), criticality exploits are temporally unbounded until conditions are altered. Typically, the defending operators partition (blowing the apocryphal explosive bolts on the milnet/arpanet gateways) _away_ from the connected internet.
You miss the fundamental by thinking that similarity is the weakness, "mission critical windows". Any attached device, endpoint or operational infrastructure, may be targeted by a very large number of ... repurposed devices. The particular host-specific form of attack is an implementation detail once an infinite low-latency attack resource is present. Scale trumps all.
Do you have a torch and pitchfork? Are you sure? Tenet seems to think you do, so he'd like higher walls and more moat to abate the mob problem, without touching the torch and pitchfork industries.
What is poor Frankenstein to do?
Posted by: Eric at December 13, 2004 09:01 AM
EBW, thanks for the informative article.
I don't know the specifics yet but PGP/MIME appears more useful for individual users. I see that a national ID is not a prerequisite.
You're right that non-Windows systems are still vulnerable to massed and sustained attack. But I assumed that conditions would be soon altered, as non-Windows systems would 'blow the safe bolts' but still maintain much of the network backbone operational.
As for the software/hardware catchup, I was imagining "intelligent nodes" that would close the hatches on the compromised systems (instead of blowing the safe bolts), coordinating with each other to cease propagation of attack packets. This would seem to be a software question to the hardware possibility.
I'm a bit uncertain that I'm getting the mob/pitchfork/wall/frankenstein analogy. Am I seeing it correctly? And as you point out, there's already a mob in the next street, in Chinatown. Doesn't that necessitate a wall regardless?
mob=repurposed attack
pitchfork=resident lurking trojan
wall=authentication
frankenstein=Windows in the government?