The predecessor of the Internet, ARPANET, was set up by the U.S. Department of Defense in 1969. Cyber attacks against the U.S. government in the last ten years, such as Solar Sunrise and Moonlight Maze, prove that an original creator does not know all forever. Some news stories call the attackers "brilliant" or "sophisticated" but I find them to be anything but. Like most engineered attacks, even against normal Internet users, hackers focus on very weak vulnerabilities and betrayals of common sense. Government security officials claim they are suffering from high-tech espionage but I think it merely boils down to the basics of phishing and social engineering.
Just as attacks against innocent Internet users rise continuously each year, so do attacks against U.S. government to obtain sensitive information. As I read an article detailing how a hacker in China sent a very believable email to an executive of a government consulting firm, it made me realize how far we are from sealing security here. Even if the government's IDS, Einstein, ever reaches the front of all government networks, there is no way to successfully stop human error. But I have an idea for them.
The only answer to keep hackers out of government information is to completely lock down all of the networks. No agency would receive an email unless it most definitely traced from a certain range of government IP addresses. Agencies just outside of the government performing any work would have to use the same method. With multiple reinforced layers, there would be no way an email originating from China and passing through untrusted networks would reach an official. This recurring problem of faked emails including malware should be stamped out before anything else moves forward. I scratch my head wondering why this is still an issue?
While the rest of Internet users just try to keep their online banking logins secure and keep spam out of their inboxes, the government will spend $17.0 billion dollars on a cyber initiative. "The Bush administration's cyber initiative, known as Presidential Directive 54, is partly a response to a series of cyber intrusions that plagued the Pentagon last summer. Hackers seemingly based in China stole untold amounts of e-mail data from the Department of Defense's servers." This initiative, which has been in talks since 2007, will create guidelines on auditing government networks. Unfortunately the initiative has not even reached a starting point as we head towards 2009. (At least I have trouble finding if it has.) Their slow pace frightens me. What else will hackers uncover during this period of disorder?
There are no comments for this entry.
[Add Comment]