Back in the 1970s when I was in Washington I was closely involved in designing and deploying secure networks. Back then we worried about such things as transmission security, operating system security, database security, and end user security. Needless to say such things as described in the Falcon and the Snowman were human were the Snowden events of that period. We further enhanced the system with high grade encryption, and all combined the system works, most of the time.
My Deputy was a fellow named Eric Ackerman, former British Intel and a Wing Commander in the RAF. Eric's most famous exploit was tapping into the Soviet telephone system in Berlin, despite the CIA trying to take credit. Eric also retrieved the V2 guidance system from a crashed V2 in Norway. Eric and I would think of ways we could have our networks compromised. There were always ways, and most were the result of human negligence.
Now in the late 90s when I was building my fiber IP network from Frankfurt to Moscow to Warsaw, Athens, Prague, Vienna etc, I had conversations with some "folks" in the US and noted the gross weakness of the Internet and its variations for transporting anything. IP is an open network, open means that anyone can do nearly anything. You send a packet and you may just as well post it on a public bulletin board.
Moreover, in today's software environment operating systems, databases, displays, neural nets, etc are amalgams of third party software. It is an unbridled pile of third party code patched together to keep the price down and get the job done. The risk is that in that reusable software are a massive number of threats. Add to that the Network Management issues which open another set of possibly lethal access to your network. Back in the 1980s a key element of Network Management was security management. However such a function is grossly compromised by this third, fourth, fifth etc party software.
The Government asked for this by the very nature of their management and procurement policies. A recent example is the terminated voting security person who was an environmental scientist as an undergrad and lawyer as a profession. Not knowing any more, one would suspect that he would be clueless on these issues.
What is needed a a few Eric Ackermans. Unfortunately, we no longer hire people like Eric.
Posts
