 In an interview today with Dave Davies, on NPR's “Fresh Air”, Richard Clarke, former Special Adviser to the President for Cyberspace Security, spoke of the fallibility of networks run by the government in places like the Pentagon. Clarke detailed vulnerabilities and the lack of security when dealing with our government's network.
Early on, Clarke was part of an exercise known as “Eligible Receiver “. An exercise which entailed trying to gain access to parts of the network within the Pentagon, which showed that the network was in fact not nearly as secure as it should be. Clarke says that they suggested a method of employing measures that would notify the administrators of attack attempts after they had accessed all networks including the command and control network. “About 6 months later, we came back and we met with the head of the army and head of the air force and the navy to see how their systems had been doing. One of these guys, I think it was the head of the army said 'It's terrible. You made us put these intrusion detection systems on our network. Before we had them on our network, nobody ever attacked us. Now that you have put these boxes on our network, they're going off all the time...' “Ignorance is bliss” states Clarke, who noted that the error was not in that they had raise the level of attacks but that they had not known of them before, and thus assumed it wasn't happening. Clarke went on to state other attacks, made as recently as 2007 on the Sec'y of Defense Gate's front office computer, had occurred. This attack was not disclosed and is classified. It would seem that if nothing relevant happened, the President would have had it unclassified to put people at ease, but we may never know. He also cited that many problems come from the production side of the table. That hardware, and especially software manufacturers were not in business to deal with a lot of the security issues that face the internet as a whole because they work in niched spaces. One company making an operating system for a laptop is not inclined to be in the business of making sure that the interaction between the laptop and the software and the routers along the network on the way to the internet all work well together. As is well known in technical circles, Clarke explained how code in software is exploited many times in order to enable hackers to launch malicious attacks. While not citing a specific manufacturer, one of the more notable events to have happened as of late was malware being shipped on electronic digital picture frames. Once a person plugged it in to their computer, the frame would upload software to the computer which would search for valuable information including passwords, credit card numbers, etc. It would then use the person's email program to send that information back to a site in China, where the frames were made. One of the biggest possible threats to security may be that while the Pentagon has moved off of the public grid and on to its own private network, many important data highways still use public lines. Electric power grid control centers, airlines and the FAA and many banks, hospitals and other types of services that store personal and important data still rely heavily on the use of the public fiber networks which traverse the globe and may be vulnerable to attack or even to accidents which could cause issues. This is seemingly Mr. Clarke's biggest concern, as moving critical data off of public lines and on to more centralized, secure private networks would secure our data many times moreso than it currently is. While he says that there are currently programs researching this, he thinks that it should have been done in many places already.
Discuss this in our forums
Recommend this article... |
