Air Force To Rewrite the Rules of the Internet
meridiangod writes "The Air Force is fed up with a seemingly endless barrage of attacks on its computer networks from stealthy adversaries whose motives and even locations are unclear. So now the service is looking to restore its advantage on the virtual battlefield by doing nothing less than rewriting the 'laws of cyberspace.'" I'm sure that'll work out really well for them.
Anonymous has no place on a military net. (Score:2, Interesting)
there's nothing wrong here (Score:5, Interesting)
for an organization the size of the air force, and with the mandate it has, there is nothing laughable or overly ambitious about say, creating and implementing your own supersecure protocol, and supporting it within its subnet
and, if successful, watch it leave its military surroundings, be adapted by universities, then corporations, then the general public
kind of like the internet itself
somebody is going to do this at some point, considering the various shortcomings of our present dominant protocol suite
that it would be the military to do it first makes sense
good concepts, bad headline (Score:5, Interesting)
If you actually RTFA, you see that they aren't bonkers. Quite to the contrary. See this quote, for example:
"[M]ost threats should be made irrelevant by eliminating vulnerabilities beforehand by either moving them 'out of band' (i.e., making them technically or physically inaccessible to the adversary), or 'designing them out' completely," the request for proposals adds.
Yeah, absolutely. Remember that this is the military we're talking about. These are the guys who are the "customers" of stuff like the NSA's formally verifiable code project. These are the guys who still use 10 year old computers because those are hardened and tested to military standards. If they upgrade to 5 year old computers, the gain in speed will offset pretty much any performance penalty that security methods that don't fly in the commercial world because of said performance penalties, could cause.
These are also the guys who do a ton of things badly.
So it'll be interesting to watch.
Rewrite the rules of the Air Force (Score:2, Interesting)
Instead of letting them try to push us around, we the geeks can turn the tables and re-write government [metagovernment.org] based on open source philosophy.
The plan for transition is practical, and folks like those running the Air Force will never see it coming until it is far too late for them to do anything about it.
Re:there's nothing wrong here (Score:5, Interesting)
there is nothing laughable
But this [cnn.com] is very laughable, as is this [cnn.com] and this [crime-research.org]. Now imagine what we don't know about!
Re:Disconnect (Score:5, Interesting)
Re:there's nothing wrong here (Score:3, Interesting)
Replace TCP/IP (Score:4, Interesting)
It's not so crazy that they would replace TCP/IP with something else fairly similar for their internal use.
Windows (Score:2, Interesting)
Shouldn't the IPs all be in the same block? (Score:5, Interesting)
Re:there's nothing wrong here (Score:1, Interesting)
I would recommend to them to install IPv6, and disallow any IPv4! How many sites and botnets running on people's home PCs could access them then? They would get at least several years worth of a break, until others finally started going to IPv6.
Re:there's nothing wrong here (Score:3, Interesting)
"for an organization the size of the air force, and with the mandate it has, there is nothing laughable or overly ambitious about say, creating and implementing your own supersecure protocol, and supporting it within its subnet"
Yes, all we have to do is look at history. The term "Internet" meant a network that connected networks. Back when the term was coined, networks did not use TCP/IP. "IP" was designed as "Internet Protocol" or literally the protocol to be used BETWEEN networks. Only later did almost all of those networks themselves begin to use TCP/IP internally.
So it is reasonable that the US Air Force could simply abandon the use of TCP/IP within the entire service and connect to the public Internet via a gateway. After all, that is how everyone did it back in the 70's.
There are a few things they might use that already exist and are already in use. They really need a network that is fully end to end encrypted and has strong authentication. TCP/IP is not that.
Re:Disconnect (Score:4, Interesting)
Re:prevent IP spoofing - save the world (Score:3, Interesting)
Re:Disconnect (Score:5, Interesting)
The USAF would like to alter the permissive and decentralized nature of the Internet through technological and possibly political means to suit itself.
I reckon that if any entity tries a large scale centralisation of "the internet" then the users will simply adapt and decentralize in other ways.
The more surveillance present on the internet the less useful it will be as a way to transmit information anonymously. However with advances in wireless technologies setting up other ways to transmit data is not only possible, but easier and cheaper than ever before. It's not about doing things that are illegal, but rather that to ensure freedom, liberty and justice there need to be ways of communicating that are not subject to government (or corporate) scrutiny.
Of course that is not what this specific case is about, but I fear that whatever measures they implement (or try to) will carry with it a host of other issues that could inhibit the ability of ordinary citizens to access knowledge or data without being logged in an ever growing database. The phrase "if you are not doing anything illegal you have nothing to worry about" is misleading, since it does not consider the possibility that what you did today, while not illegal, could be used months, years, decades, down the line when the motivations of those with access to the database change (or indeed the database falls into the hands of antagonistic person(s)).
Re:achilles heel (Score:1, Interesting)
Re:there's nothing wrong here (Score:3, Interesting)
Re:Disconnect (Score:3, Interesting)
This isn't true. Google by itself is only a part of the equation that led to the death of bookmarking. In truth, the more obscure stuff is still easier to get at via bookmarks and portals than Google.
What diminished the utility of bookmarks is a combination of Google, Wikipedia, blogs, and content aggregation (RSS/Atom).
What Google did is figure out a way to do zero-knowledge authentication. It will tell you that citibank.com is the site of Citibank, while citi-bank.com is probably not the site you're looking for, whitehouse.gov is the real official website of the executive branch, while whitehouse.org and whitehouse.com are not (though this example is a bit dated).
That feature, I think, is infinitely more valuable than a very marginal bit of convenience.
Re:Disconnect (Score:4, Interesting)
The Air Force has announced similar programs to this in the past with little or no actual outcome. Every now and then they have to come out with another program with a spiffy name to distract us from the fact that they can't keep kids from breaking into their networks.
Re:Disconnect (Score:5, Interesting)
Not true. While working for the Dept of Defense I saw this scenario played out - it was around 1995.
A van pulled up about a quarter-block away from a BDM building (located on a very public street) but the van was just too suspicious, for reasons I'd rather not elaborate on. Secretaries returning from lunch noticed it and reported it to security. Local police cordoned off the area very, very quickly - almost real-time - coincident with a first-responder team from the local USAF base. Automatic rifles were pointed at the van from three directions, two Ruger AC-556s were laid against the back door, and the solid side of the van was struck with some sort of hammer, and a cry to get the fuck out of the van ensued. Public area, people put rapidly out of harm's way. I recall that from phone report to guy laid out being handcuffed took less than 20 minutes.
And yes, he was a spy, using the latest EM-based eavesdropping equipment. Saw it and heard it. None of this sir, please step out crap.
Maybe a decade later we've learned to coddle suspected spies... no, wait - I saw Harold and Kumar Escape from Guantanamo Bay (sorry, couldn't resist) - I rather doubt it, but then, I could be in error.
Re:It worked for the Army! (Score:2, Interesting)
anybody else noticed that Military Intelligence Battalion's acronym is M.I.B.?
Re:Disconnect (Score:3, Interesting)
the van was just too suspicious, for reasons I'd rather not elaborate on.
I will not ask you what made the van suspicious, but I would like to know why you don't want to elaborate on it. For whose sake?
Re:Disconnect (Score:3, Interesting)
The more surveillance present on the internet the less useful it will be as a way to transmit information anonymously.
Actually, the Internet has always been highly susceptible to surveillance. This was done intentionally, but with different terminology that matches the motive. The intent was to make it reasonably easy to manage and troubleshoot. I.e., it's supposed to be easy for support people to examine the traffic, diagnose problems, and fix them. It's a large part of why the Internet has been so successful. And if the support crew can examine your packets, then anyone anywhere along the data path can do so.
This may seem odd considering that the early Internet was developed almost entirely with military funding. But it makes sense if you study their reasoning. The security people understood from the start that the only way you can get communication security is with end-to-end encryption.
Trying to push the security to a lower level is counterproductive, because the lower levels are inevitably close to invisible at the application level. This means that security breaches at lower levels will rarely be noticed for some time. And even when you notice a breach, digging into the lower levels of the protocols is inherently difficult for people who don't work with it every day. So they concluded that the IP layer should only worry about getting packets to their destination undamaged. That's difficult enough that you don't want the people working on it to be distracted by security issues; they'll just screw it up and block valid traffic. They don't need to know the contents of packets, just the headers, so if you encrypt all the contents, it doesn't affect the lower levels at all.
Or, more simply: Low-level encryption is a pure waste of cpu time and bandwidth, because you have to do it at the top level anyway. So don't bother. And nothing but top-level end-to-end encryption will give you secure communication.
Yes, this means that anyone can intercept your traffic and save it. If you are relying on this not happening, you can't ever be secure. You have to accept it, and make your data worthless to anyone but the intended recipients.
This was all understood decades ago by the folks who designed the Internet. Complaining about surveillance now really just shows poor understanding of the issues. You can't prevent surveillance on any network, so don't bother. You should be talking about making that surveillance a time and money sinkhole with no results. And you do that by encrypting stuff. There's a lot of research on this topic and most of it is pretty easy to find; go read some of it.
Re:Only traitors will vote for Oook-oook Banana (Score:3, Interesting)
That's because you visit more atheist-friendly websites than religious websites. People prefer to express their opinions in like-minded company; thus you see more anti-religion posts on your pro-atheist websites.
On this comment page, there are at least two anti-atheist posts. That is for a single story. Twenty slashdot stories a day, 500 posts per story makes your 20 000 posts to cover that. So you claim that almost every post made on slashdot is anti-religion? Or does slashdot have a different ratio because it is a particularly pro-religion website?
Re:Only traitors will vote for Oook-oook Banana (Score:3, Interesting)
For instance, I'm not excluded from any blog at all, no one actively tried to suppress my education or rights or those of my daughter or her children. You list a line of talking points that don't stand up on scrutiny and I seriously doubt your every time statement. Sounds more like pompous self-aggrandizement than truth. Also, the 'true teachings' statement is similar to that made by religious bigots because they 'hold the understanding'. I live in Bible belt country and rarely hear local conservative politicos spit hate and venom.
Re:Only traitors will vote for Oook-oook Banana (Score:3, Interesting)
... and I am an Anarcho-capitalist. I believe that there's no government you can design, that authoritarians of either the Communist-type or the Fascist-type won't eventually turn into their own tools of oppression (always, of course, "for everyone's benefit").
I know it sounds extreme, but if you're a fan of the work of Nobel-prize winning economist Milton Friedman, I suggest you have a look at the work of his son, David Friedman [amazon.com], which extended his father's work to its natural conclusion.
And in any case... whether you want a return to the limits of the Constitution, less government overall, or no government whatsoever, I suggest you check the link in my signature.