Paul A. Strassmann

COMMENTARY

DOD social media policy fails to answer security questions

Solutions needed to reduce attack surfaces through desktop and server virtualization

The social media policy just approved by Deputy Defense Secretary William Lynn states that the NIPRNet, the military's unclassified but sensitive IP network, should be configured to provide secure access to the Internet. That requirement is not actionable unless the directive also indicates how such a configuration is to be achieved.

The new policy leaves the question of how to make NIPRNet work securely with the fundamentally flawed Internet without a practical resolution.

Lure of social media

Social media offers Defense Department personnel features that are not otherwise available through DOD's own resources. People like social media because they can easily obtain, at hardly any cost, quality services that DOD has neglected to provide. The online services DOD offers are hard to use, difficult to access, and disjointed as means of communication.

DOD operates more than 500 major networks plus innumerable local network connections. It connects more than 5 million desktops, laptops and smart phones. A large share of these networks is switched over the public Internet, where every router and every switch is a potential entry point for an attack.

Each DOD network has a different configuration, inconsistent firewalls and inconsistent virus protection. At least 10,000 high-turnover administrators try to defend more than 4,000 major applications and innumerable points of entry with patches, software updates and fault fixes, using management methods that are inconsistent, incomplete and insufficiently supported.

Given this fractured environment and the enormous attack surface it offers to millions of potential intruders, DOD cannot secure the existing NIPRNet so that communications passed through the Internet are risk-free. NIPRNet cannot be trusted to convey more than a billion messages a month from YouTube, Facebook, MySpace, Twitter, Google Apps and the like without a zero-day attack eventually breaking through.

The proposed social networking policy continues to leave DOD vulnerable to a wide range of attacks. All it takes is a few botnet attempts a day boring through an unwatched port to discredit reliance on the NIPRNet.

Corrective actions

The new policy should also outline solutions for reducing the attack surface through desktop and server virtualization. As a first priority, this would place secure "zero client" desktops in protected private clouds operated by DOD so that Internet access can be safeguarded. That will be especially important as more people reach data on protected networks through mobile clients.

DOD must offer collaboration services so that people do not have to resort to social media to satisfy their needs. For instance, the widely publicized use of Facebook by Adm. Mike Mullen could have been delivered through a DOD-operated portal offering comparable features, without the exposure that a Facebook message may also slip in malware. It is regrettable that Mullen must use Facebook as the only easy-to-use and universal connection to 5 million military, civilian and reserve personnel because the existing communication means are broken, disconnected and not interoperable. DOD, whose information technology spending is ten times that of the largest commercial IT budget, should offer Mullen a better way to communicate.

There are large savings available from simplifying DOD's fractured infrastructure, which currently consumes almost half of the total IT budget. There is more than enough money to fund a much cheaper and more secure cloud-computing environment that connects everyone, securely.

There is more than enough money to offer DOD personnel services that satisfy the need for social communication without exposing ourselves to the toxic Internet, which is insecure now, will always remain so, and is a source of uncontrollable perils.

Reader Comments

Tue, Mar 23, 2010 Chaim Krause

Prof. Strassmann, The air gap that you suggest in your comment would be costly and ineffective, and that is the least effective argument I have against it. My number one is that DoD IT wouldn't be able to implement it. DoD's IT track record is abysmal. Additionally your technical "solution" completely misses the entire grid square where the current DoD SMP addresses the *social* issues. And, I further suggest that your worries about NIPRNET are moot because we have SIPRNET for mission critical services and secured communications. NIPRNET is used to perform CRUD on (proprietary) text (a.k.a. "Word") documents and "Exchange" unclassified (yes, I understand FOUO, etc. Use encryption!) email through (proprietary) systems. Worried about NIPRNET desktops? Do what internet cafes do and wipe them clean every COB. Keep the documents on *servers* that scan and search in near real time for "threats". Cache them locally. (This is what many commercial entities do now.) Again, this is about a sea change in understanding of the "Goodness"® of working with the public on public services since DoD is a government organization. DoD Policy and Procedures can be a DoS even more effective than a malicious attack by "Evil" entities. This whole discussion needs to be about usability, transparency, open communication, and "good enough" security measures (risk mitigation) to achieve the mission of protecting the people of this country (the USA). Complicating matters via swivel chair integration and cumbersome (and thus avoided) ineffective technical measures only creates greater risk to the mission.

Chaim

As usual, the standard CYA disclaimers apply since taxpayers fund my day job's paycheck.

Wed, Mar 17, 2010 Paul Strassmann

Explanation of how to conduct secure social computing

To deal with social computing DoD should not build a replacement for Facebook because that will not serve the need for DoD personnel to communicate with their families and with the general population. I advocate the creation of separate and isolated virtual computers, accessed from totally thin clients (no disk, no operating system, no browser). A thin client would have two or more separate desktops that are logically and technologically isolated from each other. Thin clients can have access to several virtual computers via different and completely separate virtual desktop windows. DoD personnel can either access the sensitive NIPRNET on a separate and secure virtual desktop window, or switch to a separate and public INTERNET-connected virtual computer that bypasses DoD networks. In this respect this virtual computer would connect to any public information services provider. Such access to the public network would follow the identical rules as any access to the INTERNET from home. For technical details of the architecture for achieving separation of the DoD private network from the public INTERNET, see the recent issue of AFCEA SIGNAL magazine that describes the proposed solution to DoD's social computing needs.

SUMMARY: You cannot mix NIPRNET and INTERNET communications using the current architecture that relies on 'fat' desktops and laptops. For secure social computing DoD must make available a 'thin' client architecture that completely separates what is defended and what is not. By opening a completely separate insecure channel to the toxic public INTERNET, DoD can serve the needs of social computing while preserving the secured integrity of the NIPRNET.

Paul A. Strassmann

Mon, Mar 15, 2010 Susan

Mar 11 poster: How many separate issues can you bring into one post? Was your malware attack 3 years ago caused by social networking? Do those 10,000 professionals that leave every year leave due to social networking and/or security issues? Are these 10,000 professionals IT folks, or what is their function? Throwing out random comments does not help further this debate. We cannot solve these problems unless we discuss the real issues, real facts, and real incidents, and then work together to find solutions.

Thu, Mar 11, 2010

I agree with Mr. Strassmann in that we need to get our security issues straight before we begin to use Social Networking. I experienced a malware attack in a government agency about 3 years ago and it was not fun. Our freedom can be challenged by getting secret information. 10,000 professionals that are constantly leaving is very troublesome to me and a high indication of what is contributing to why things are so problematic. We need to find out what is causing this turnover. Having so many different security systems is almost unbelievable. How did this occur? I understand having more than one in case of problems, but so many just seem to drive cost inefficiency.

Wed, Mar 10, 2010

Millennials Ignore IT Use Policies http://wiredworkplace.nextgov.com/2010/03/millenials_jumping_it_boundaries.php?oref=latest_posts "Millennials in the United States also noted that state-of-the-art equipment and technology will be essential when choosing an employer."
