[IP] (foreign) intel inside?
Begin forwarded message:
From: Ross Stapleton-Gray <ross@xxxxxxxxxxxxxxxxxx>
Date: August 17, 2005 4:56:49 PM EDT
To: dave@xxxxxxxxxx
Subject: (foreign) intel inside?
A forecast that within a decade, we'll be riddled by foreign-supplied
vulnerabilities; comment most worth noting: "He also said that the
Defense Department should stop funding university research conducted
by foreign nationals. Hamilton added that this is not a xenophobic
reaction, but a reasonable response to a potential threat." Hmmmm...
I think that if we rely on noting if the foreign/domestic bit is set,
and not on systems designed from the ground up for security, we're
going to unnecessarily inconvenience lots of people, for little or no
gain, and further isolate ourselves in the world of technology... Ross
http://www.gcn.com/vol1_no1/daily-updates/36688-1.html
IT infrastructures could be battlefields of future wars
08/17/05
By Patience Wait,
GCN Staff
HUNTSVILLE, Ala. A professor from Auburn University has made the
case that the United States may face a war in the future in which not
a single shot is fired, but yet America loses.
There could be “pre-emptive achievement of military objectives
strictly by information warfare techniques,” said John “Drew”
Hamilton, associate professor of engineering and director of the
Information Assurance Laboratory at the university.
Hamilton projected that such a conflict could take place by 2015the
time it would take to infiltrate computer development programs and
insert malware into operating systems, applications software,
firmware and hardware.
Acquisition trends in the military actually facilitate the
possibility of such a scenario, Hamilton added. “You don’t expect the
military to go to Home Depot to buy a [rocket launcher], but we
expect them to go to Staples to buy software,” he said.
Software developers have always written back doors into their code,
and even secure, partitioned systems such as the Secret IP Router
Network have them.
“I learned that when I got e-mail from Joint Forces Command to scan
their attachments” for viruses, Hamilton said.
The risk in pushing the use of commercial, off-the-shelf software is
compounded by private-sector outsourcing, he said. Microsoft Corp.,
for instance, has outsourced some programming tasks to China and Russia.
Hamilton said that Dan Wolf, information assurance director of the
National Security Agency, told an academic group in June that “DOD
agencies have been outsourcing IT services to [Section] 8a firms that
are fronts for foreign intelligence agencies.”
Nor is the problem limited to the Microsoft environment. Linux,
touted by open-source proponents, has its own vulnerabilities. “NSA
[National Security Agency] recompiled the kernel so you can’t turn
off [key] logging, which is good for forensics,” figuring out what
happened after the fact, Hamilton said.
Finally, the military has not made software a “core competency,”
according to Hamilton. “Some government agencies have contracted for
software code they don’t own the rights for.”
Hamilton suggested several steps that could be taken to pre-empt and
prepare for this kind of warfare, including reverse-engineering
software architecture to find weaknesses, identifying sensitive
parameters that can be exploited and looking for undocumented
functionality.
He also said that the Defense Department should stop funding
university research conducted by foreign nationals. Hamilton added
that this is not a xenophobic reaction, but a reasonable response to
a potential threat.
© 1996-2005 Post-Newsweek Media, Inc. All Rights Reserved.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/