The FBI’s Shawn Henry says the world needs a second Internet for critical systems – apparently never having been told what a “private network” is when you don’t prefix it with the word “virtual” – and the idea is taking off in other quarters. Here’s why it’s a dumb idea: it won’t work. It’s not just that the easiest defenses …
When will they learn?...
... that you don't prevent bank robberies by building special roads to the bank. Dedicated network? Er, wasn't that where all those Wikileaks cables came from?
Maybe the G-men need to read End-To-End Arguments in System Design, J.H. Saltzer, D.P.Reed, D.D.Clark, ACM TOCS, Vol 2, Number 4, November 1984, pp 277-288.
When will people like YOU learn that banks with no roads to them at all can't be robbed? A network that has no connection to the Internet can't be compromised! Period.
Your "Just Kidding" icon seems to be missing, ILB56.
The recent case of US drone control systems being infected by a virus:
These systems were not connected to the internet (probably not on a network of any kind), the assumed path of infection being via USB drives being used to transfer updated maps etc. to the control systems.
The systems ARE connected to the Internet and were compromised by someone on the inside playing a Facebook game.
If they weren't connected to the Internet, it would be completely irrelevant if they were compromised by USB sticks because nobody would be able to retrieve data or take control of systems.
"(since one idea doing the circuit is the registration of all machines)" .. Hate to disillusion you but this had been happening for a while in the states.. Buy any machine with ethernet hardware and the MAC address is recorded along with the purchaser details.
Ya, because MACs can't be faked... right?
Only villains are going to go to the bother of faking MACs, the Feds don't care about them, their entire raison d'être is to instill fear into the general populace so governments can more easily control them, and as for why they don't read... anything, they're programmed on a need to know basis.
As for building new internets - like the natural world, the Internet can survive nukes or inbound asteroids, but it's got no hopes against man.
To serve man. 'It's a cook book, A COOK BOOK!'
Let them have their own internet - maybe they'll stop spying on ours.
Sort of an interesting idea. However what could be a really good idea is to talk to a real actuary, and see what they think. Actuaries certainly work in risk, but they are to a large extent statisticians. Without a statistical basis for risk assessment it becomes a different problem.
This is the issue with quantifying internet security. There isn't the equivalent of the underwriters laboratory that certifies materials and components, and there aren't standards bodies that build standards built upon centuries of experience. Worse, there is no way of quantifying the effects of a security breach ahead of time. There are no easy risk/cost curves. There are huge discontinuities in the problem. This isn't likely to be a place where actuaries play. But a professional actuary might well differ with me. Hearing from one would be interesting.
What's the problem?
How can it be so hard to secure connections, to and from, a small black box? Then again we don't seem to be doing fine with the one on top of Big Ben.
Shades of Strategic Air Command
When I worked with SAC communications we had redundancy upon redundancy upon redundancy.
This reminds me of that; We had two sets of land lines connecting all sites. NO line went the same route or through the same equipment. On several occasions we found telcos routing the redundant lines through the same switch and had to demand a change for security reasons. This made for a very robust system and it was only the first tier of at least three... Shouldn't detail the others.
The point is that if enough money was spent to build an independent network it would be so complex that security would still be a huge issue due to the complexity.
SAC's successor, STRATCOM, is just about as maniacal about redundancy, granted they have to be considering their mission.
The problem is almost ENTIRELY technical. Stuxnet targeted 4 ZERO DAY VULNERABILITIES. It doesn't matter what "behaviors" are when systems are as absurdly vulnerable as all of them are. Creating networks that are not connected to the Internet in any capacity would entirely solve the problem. Only someone physically entering your facility, physically accessing your computers, and downloading information to a portable media device, would compromise your data. And that is a physical security issue - not a technical one.
Yes, behavior is the number one problem. That said it's a self correcting one that does not need an additional "tax" to be levied.
As each of these companies runs afoul of various hackers they will fix their own systems. However, other, arguably more intelligent, business owners will learn from others' mistakes and be proactive.
Let the smart companies figure this out and the dumb ones go away.
The FBI is talking out of its ass. What else is new?
There ALREADY IS A "SECOND INTERNET"!!
Hell, there are at least two, the Joint Worldwide Intelligence Communications System (JWICS for short, which Justice probably isn't allowed to use) that is not connected to the wider Internet. And the National Security Agency Network, which may (or may not) be connected to JWICS but also is not connected to any wider network. There are probably also more networks than that which are totally private.
The WikiLeaks stuff was all SECRET, you can route SECRET data over a system that's connected to the wider internet. With TOP SECRET information it cannot be, it has to be routed over JWICS or NSANET (depending on if it's over a COMINT distribution or not) uses a dedicated network separate from the rest of the SIPRnet, NIPRnet and Internet.
Basically the FBI proposes to duplicate one of DISA's better efforts for the Intelligence Community. And they're going to get away with it because they'll scream "Think of the Children!!" and other such claptrap. They'll half-bake it, it'll half work, and when it gets breached it'll make all of us who are really in the community look like unprofessional dolts that work for Justice.
But we're all on the same team now, y'know. Which basically means they do whatever they want, and we'll get blamed for it when they screw up.
Unclear on the concept ...
"It seems like everybody’s forgotten that Stuxnet wasn’t an Internet-borne attack. It was carried on a USB key: the kind of attack vector that will still exist on Henry’s proposed secure Internet."
In the Stuxnet example, "sneakernet" is definitely part of TehIntraWebTubes[tm].
Re: mine, posted @14:13 2nd Nov.
I actually posted it about a week ago.
What's up, ElReg? Honest question, not taking the mick.