Warfare by Other Means Economics, demographics, cultural, technological, and other factors that have affected the course of history.

#46
26 Oct 11, 01:48
boomer400
Quote:
Originally Posted by tnbn75
Going to make a distinction here. There is cyber war and cyber espionage. I'll list the state-sponsored cyber attacks I'm aware of, leaving out cyber espionage and cyber attacks by individuals and non-nation-sanctioned attacks. Well, except to mention that one of the first true attacks was the Morris worm.


The first cyber attack used in anger I'm aware of was in the first Gulf War in 1991. The attack used a virus to disable radar systems. It was the first time that a cyber attack was used in conjunction with a kinetic attack.

http://www.theregister.co.uk/2003/03...one_virus_one/


As mentioned before, the Estonian cyber war was basically the first war fought completely in cyber space.


In late 2007 Israel used a cyber attack to hit Syria's command and control system to "jam" Syria's air defense radar.

http://www.military.com/features/0,15240,210486,00.html


Two more wars have been fought by Russia. The Russian-Georgian war started with a cyber attack that disabled a large majority of Georgian communication channels before the kinetic attack began, allowing for the element of surprise. This was followed by a cyber war in Kyrgyzstan.

http://defensetech.org/2009/01/30/ru...cyber-warfare/


Before Stuxnet, the Aurora project should be mentioned. It's a proof of concept for cyber attacks that have real-world effects. Basically, by overriding a few safeguards they were able to destroy an electric generator. Also comes with cool video.

http://unix.nocdesigns.com/aurora_white_paper.htm


Lastly Stuxnet.

Ok, but that's not much of a distinction. One can link cyber-"attacks" as related to individuals, civilian groups, or state-sponsored groups; any tool used by those can be read as "attacks" or even cyber "warfare". What I'm trying to understand is if there is any distinction within our recent history as to what point in time is definitive as cyber-warfare being possible (or even meeting the criteria) rather than real-world examples.

If we use the concept that cyber-warfare (and thus cyber-wars) are "bloodless", then there are even earlier examples of mysterious cyber-strikes. For example, Titan Rain since 2003 and Moonlight Maze by a decade precede the Estonian "incident" but still don't have clearly attributable "blackhats" (although very very strong suspicions). They do meet the minimum criteria of network-borne invasions and over a very long duration of time as well. Furthermore, they were relatively undetected for a long time as well, thus meeting an important function of cyber warfare, although not having a dramatic impact upfront like the Russian/Georgian conflict.

If we decide that cyber warfare in order to exist is as a must-have adjunct to kinetic warfare, then we're going to have to rule out a great majority of cyber-"activity" since most of what we've seen hasn't been a direct result of kinetic warfare even on the front-line. Of course, there's been plenty of electronic warfare/espionage in the last 10 years but really not much in the classical sense of network attacks in conjunction with heavy front-line combat. Georgia and the USSR excepted, frankly, I just don't see that the US or others have done much in Iraq or Afghanistan in that respect. There's just been little or no opportunity to do that. Those nations were just too primitive to have cyber wars that would have some discernable effect.

So, obviously, there is also the problem that in order to have a full-on cyber war (which could lead to a full-on kinetic war), you really have to have participants fully or at least heavily invested in network infrastructure. In most of the aforementioned cases, those were examples of electronic warfare bordering onto very small network attacks. It just hasn't really happened much unless you start regarding cyber warfare as not a necessity to kinetic warfare upfront. Thus I'm loath to attach the kinetic warfare aspect as a must-have feature or even result of cyber warfare. I'm sure some here would love to though and it would be entirely possible that a cyber war would result in a kinetic war; indeed, in the paranoid scenario, it is entirely a prelude to a kinetic war. From a Russian POV, it apparently is a necessity.

However, the question remains: is a cyber war necessarily the precursor to a kinetic event? My thinking is not because the nature of a "cyber war" is more related to systemic resources rather than physical resources.
In that regard, it opens up the field to more than just typical military intelligence/wet intelligence operations (a la Georgia) where one would expect (actually demand) a hyper-cyber combat function to co-exist with your kinetic activity.

#47
26 Oct 11, 16:53
tnbn75
It's funny that you mention "blackhats". I'm not sure that I would put any state-sponsored hacker in that category. E.g. US hackers hacking foreign entities I would consider whitehat. I leave the blackhat designation for hackers using their skill purely for profit.

You asked is there a definitive moment at which people realized that cyber warfare was possible and the answer is yes. First you should know that the DARPA (the internet) was never created with security in mind. It was created to ensure the ability to communicate in the event of nuclear war. Hackers have often used this fact to manipulate computers to do things that they were never meant to do. In 1988 the Morris worm struck DARPA, infecting 4000 systems. The Morris worm was the first time a self-propagating virus attacked system vulnerabilities. It also led to the creation of the US Computer Emergency Response Team (CERT).

This was followed by sadmind, Nimda and Code Red in 2001. With these worms the security fixes had already been released. However, sysadmins weren't applying the fixes.

http://en.wikipedia.org/wiki/Morris_worm
http://en.wikipedia.org/wiki/Notable...uses_and_worms

A cyber attack in my definition is an overt action meant to disrupt services. This would be like denial of service or Stuxnet, where there are real-world effects.

Cyber espionage is covert action to acquire intelligence which might require the use of an "attack" such as an APT (advanced persistent threat) like in the case of Titan Rain or the RSA hack. The use of "attack" is strong, as APTs require confidence tricks and human error to work.

Moonlight Maze, which happened in 1998, is the last of that breed of attacks. In 1998 few companies on the internet had strong security measures in place. Even in early 2000 there were still a few international banks that did not have firewalls in place. However, with the security tools and countermeasures that exist now, this type of attack would be near impossible without an inside man.

There are countless books on cyber warfare; most of them say that the US is falling behind, which I don't think is accurate. I think that the US has not integrated its cyber capabilities as well as China or Russia. Our kinetic capabilities are far in advance of any of our potential enemies so at the moment it doesn't present a huge risk. But in a more even fight, say Israel vs. any Arab-run country, you could use real-world posturing to feed your cyber espionage channels. In this way you could build a response model to accurately gauge or anticipate your opponent's countermeasures. E.g., you move troops to within 100 miles of their border and use your APTs to monitor the enemy's email communications.

#48
26 Oct 11, 22:10
boomer400
Ok, I see where you're going. However, a few points I disagree with:
1) Are you saying that blackhats do their stuff solely for profit? Blackhats, to me, have arbitrary motives, just as anyone else does. Their work isn't necessarily predicated on pure monetary motives; furthermore, if I were a state entity, there's no reason for me to not subvert a blackhat for state purposes. We do that here in the US, no reason to not believe that other nations do the same thing. Furthermore, there's no reason to believe that a citizen of another country wouldn't have nationalist impulses that coincide with blackhat skills. At that point, money is a secondary factor.

2) Yes, of course, ARPANET (I think that's what you're actually referring to, DARPA was an originating funding agency) was not constructed with security in mind. If you look at the earliest RFCs, there's not the slightest mention of real security, it was just too fast moving and raw to include something like security we know of. This is why I mentioned CIS as they had an actual network already in place (even if it was dialup). So, to me, they represent one of the earliest exposures to cyberwarfare (aside from the telecomms, of course). IBM was another.

3) The use of human factors in computer based attacks is SOP; it's also SOP in standard intelligence operations so I don't believe that APTs are anything special in having human factors as a target.

4) Yes, CERT was created as a response to the Morris worm. However, there had already been a trojan (the IBM Christmas Exec) which invaded a large number of IBM mainframes a year before. And let's not forget that we had already a huge number of DOS based viruses which were quite difficult to deal with, let alone a network based object. VAX had its own attacks as well. Thus CERT is only marginally useful as a marker in time as the "horse has left the barn" already.

5) So far to my mind, cyber espionage is generally a transient mode for cyber warfare. The same techniques (whether it's DOS, DDOS, SQL injection) are applicable in either type of confrontation. The same counter-measures are applicable. The only difference is the ability to scale and to distribute. Whether one is whitehat, blackhat, criminal, state sponsored, evil cartel conspiracy is almost irrelevant. It's the skills that matter in order to make the attack effective.

6) Yes, the difficulty in judging cyber warfare capabilities is that due to its transient nature, it's very hard to measure effectiveness. I couldn't really say how well the US does in comparison to the Chinese, Russians, Israelis, etc. I can only guess and mostly unfortunately, the knowledge of problems always occurs well after the fact.

#49
31 Oct 11, 09:45
GCoyote
Hacking Attacks on Infrastructure: Easier and Multiplying

Thanks to improvements in technology, attempts to cripple power and water providers are easier — and they’re skyrocketing.
By Ben Johnson | Posted Sunday, Oct. 23, 2011, at 3:36 PM ET

Quote:
... the number of attacks is growing at a fast rate. According to AP, the Idaho National Laboratory, an organization that works to protect critical U.S. infrastructure like power grids and water systems, has seen attacks triple this year alone.
More from Slate - http://slatest.slate.com/posts/2011/...ltiplying.html

And

GCHQ chief reports 'disturbing' cyber attacks on UK

Quote:
Sensitive data on government computers has been targeted, along with defence, technology and engineering firms' designs, Iain Lobban said in the Times.
More from the BBC - http://www.bbc.co.uk/news/uk-15516959
__________________
Any metaphor will tear if stretched over too much reality.

Questions about our site? See the FAQ.

#50
31 Oct 11, 21:41
boomer400
Yes, I believe it's actually a concerted effort by other states in order to extract for free at the least the maximum economic informational wealth that most Western industrial nations possess. This is because they have traditionally utilized industrial espionage in order to further their own industrial/knowledge shortcomings. The problem is that the IETF is not particularly sanguine toward security and thus by sheer denial and concept cannot engineer a way out of the situation. Unfortunately, this allows this kind of illicit behavior to continue partly by design and partly by laziness.

#51
01 Nov 11, 16:33
tnbn75
Boomer, I don't think we're too far off really. I use mainstream news as a barometer. Once it's playing on cable news, it becomes real to society, not just subject matter experts.

Btw, if you haven't heard, someone's been playing on our satellites. Talk about some need for an airgap.
http://news.discovery.com/space/sate...ing-china.html

Scarier still is that the same controllers that Stuxnet targeted are used for far more than centrifuges. Some other uses include prison door controls.

#52
01 Nov 11, 16:42
GCoyote
So I wonder if next generation satellites will have the provision for upgrades to their OS and encryption subsystems. Otherwise I imagine they'd get hacked sooner or later.

#53
01 Nov 11, 20:15
boomer400
I would imagine so. Most software/firmware has revision requirements so most will need to get updated at some point. But since that stuff also gets patched continually before even getting into the air, the security exposure is continuous. The use of COTS gear just makes it a lot easier.

#54
01 Nov 11, 20:25
Carl Schwamberg
"COTS"?

#55
01 Nov 11, 21:36
GCoyote
Commercial Off The Shelf

Although many government projects require so much modification I'm not sure the term properly applies outside the office environment.

#56
01 Nov 11, 22:38
GCoyote
Is it war if no governments are involved?

Quote:
Anonymous said it would begin publicizing people affiliated with the cartels if an Anonymous member that was kidnapped in Veracruz earlier this month was not released. The group also launched an attack on the Veracruz state government Web site in September to call attention to complicit elected officials.
http://www.dailydot.com/news/anonymo...-drug-cartels/

Stratfor carried the story too but it's a subscription only story.

#57
02 Nov 11, 00:20
boomer400
Quote:
Originally Posted by GCoyote
Commercial Off The Shelf

Although many government projects require so much modification I'm not sure the term properly applies outside the office environment.

Well, that is true but it also depends on what the mods are for. Much of the time, stuff gets modified in order to work in conjunction with older stuff which is already in the field. But that's another subject.

Here's an example of current technology built with current concepts being surveilled by opposition.

http://gadgets.softpedia.com/news/Ir...r-6929-01.html

#58
05 Nov 11, 13:09
Carl Schwamberg
"current technology built with current concepts being surveilled by opposition."

Not the first time I've heard this. Have been informed by insiders about the current version of the long running debate within the signals community over level of security required for the message traffic. The conceit that the enemy is too stupid or otherwise incapable of intercepting & reading the message is much alive and well.

#59
07 Nov 11, 20:00
tnbn75
I have never been so naive to think that our military or gov't networks were secure. I've often heard grand tales of how no electronic signal escapes the attention of our gov't but let's be honest, it's the gov't. Although there is some incredibly advanced listening internet eavesdropping going on, it's not foolproof.

It looks like DARPA just held a conference on the subject of protecting our military network infrastructure. Bottom line we're exposed at a fundamental level. Whi

http://www.defense.gov/news/newsarticle.aspx?id=65988

http://www.darpa.mil/NewsEvents/Rele...ISCUSSION.aspx

The solution it seems will be leveraging the cloud which is "COTS". So we are clear on "the Cloud", Cisco has the best definition of what they want to do. The military isn't planning on going GMAIL across the board but private clouds. Think a single server the size of a fridge running 1000s of computer "images" that can be patched, secured and rolled back instantaneously.

http://www.cisco.com/en/US/solutions...11-617239.html

Also they are considering how to enhance/further leverage our cyber offense. It looks like some think we may be deficient in this arena as well.

http://www.mobiledia.com/news/115529.html
  #60  
Old 09 Nov 11, 14:08
boomer400
Colonel
United_States
ACG 5 Year Service Ribbon 
 
Join Date: Aug 2008
Location: Los Angeles
Posts: 1,838
Quote:
Originally Posted by tnbn75
I have never been so naive as to think that our military or gov't networks were secure. I've often heard grand tales of how no electronic signal escapes the attention of our gov't, but let's be honest, it's the gov't. Although there is some incredibly advanced listening internet eavesdropping going on, it's not foolproof.

It looks like DARPA just held a conference on the subject of protecting our military network infrastructure. Bottom line, we're exposed at a fundamental level. Whi

http://www.defense.gov/news/newsarticle.aspx?id=65988

http://www.darpa.mil/NewsEvents/Rele...ISCUSSION.aspx

The solution, it seems, will be leveraging the cloud, which is "COTS". So we are clear on "the Cloud", Cisco has the best definition of what they want to do. The military isn't planning on going GMAIL across the board but private clouds. Think a single server the size of a fridge running 1000s of computer "images" that can be patched, secured and rolled back instantaneously.

http://www.cisco.com/en/US/solutions...11-617239.html

Also they are considering how to enhance/further leverage our cyber offense. It looks like some think we may be deficient in this arena as well.

http://www.mobiledia.com/news/115529.html

To be honest, I'm not too concerned about re-imaging corrupted gear; that's a pretty simple piece of maintenance relatively speaking. But if you look at the panoply of types of hardware, firmware, software that a large agency might use, the management and thus the security of it becomes more difficult. Not impossible but more problematic.

For instance, if an agency decides that it is necessary to move to Windows (the latest version) then it is usually necessary to have a timeline that matches not only the Windows OS update availability schedule but to have matching software and firmware for whatever other equipment resides in-house and is out in the field. Let's say that the same agency faces a Windows XP, Vista issue and is using the Win7 upgrade as a way to get out of the XP EOL issue and classic Vista complaints. It will have to do for a time simultaneous maintenance on all three OSs and the machines they reside on (if they for some reason haven't disposed of XP licenses). Let's say then they decide that to avoid Windows complications in the future, they start to migrate to Linux. Now they have an additional OS (and which version of Linux/Unix?) and its support issues as well as the fact that a lot of hardware and software doesn't support Linux or requires a lot of bit-twiddling to get Linux/Unix to see that gear. We're talking solely the basic operations for a really simple datacenter to operate, not even actual day-to-day user transactions. Not even support for much heavier servers or specialized servers.

Now, let's say that we (the agency) wants to operate its own private cloud which is really nothing more than a datacenter with router-centricity. Ok, that means really it's going to own what it already has with "private" router connections to the Web. Whatever data is sitting in their shop is going to still stay in their shop. I seriously doubt that DOD or NSA is going to go 'cloud-centric' and move their data into the open or onto other government networks; at best, they may have a private cloudlike shop already; the environment isn't really going to change much. We're really just changing labels and access points and routing. Pretty much doubt that they're going to change their gear in-house except to adopt more router-centric operations.

I have nothing against clouds or virtualization; they're great, may save you some money (maybe), can save some work (maybe), and offer opportunities (which is really the best part of clouds and virtualization). However, I don't think they necessarily represent some kind of security solution, especially since much of the problem lies higher on the network at the edge routers.