Security Flaws Could Cripple Defense Network
userexec wrote to mention an FCW.com article about the uninspiring future for the Missile Defense System's software. The developers are apparently very worried about poor information security on the project. From the article: "The report said that neither MDA nor Boeing officials saw the need to install a system to conduct automated log audits on unencrypted communications and monitoring systems. Even though current DOD policies require such automated network monitoring, such a requirement 'was not in the contract.' The network, which was also developed to conform to more than 20-year-old DOD security policies rather than more recent guidelines, lacks a comprehensive user account management process, the report said. Neither MDA nor Boeing conducted required Information Assurance (IA) training for users before they were granted access to the network, the report stated."
Let me take a guess.... (Score:5, Funny)
Re:Let me take a guess.... (Score:1, Flamebait)
In any event, whatever company it was, look for the names Bush the Elder, James Baker, Rumsfeld, Cheney, et al, on the board of directors either present or past.
That or the company is owned by the Carlyle Group.
Or it's an Israeli company. We gave an Israeli company the contracts to run our law enforcement wire tapping operation - until employees got caught selling wiretap data to drug dealers in LA. The same company al
And sooner or later... (Score:5, Funny)
Re:And sooner or later... (Score:3, Funny)
This is bad. (Score:1, Redundant)
Re:This is bad. (Score:3, Interesting)
Why is anyone going to care about a weapon system everyone knows is a dud anyway?
The system has never once demonstrated that it works, every single test has either failed outright or been rigged. The only reason the program exists at all is to hand out taxpayer money to campaign contributors.
It's always a waste of money, until it works... (Score:2, Insightful)
The only reason the program exists at all is to hand out taxpayer money to campaign contributors.
And the thousands of American scientists, engineers, technicians and support staff that design and work on these systems. Based on comments like this, you'd think that the government is stuffing shells full of cash and launching them at the enemy. Where do you think these "weapon systems" are designed and built?
Maybe my perspective is skewed. The only job offers (early career engineer) I was able to secure (
Re:It's always a waste of money, until it works... (Score:3, Interesting)
Re:It's always a waste of money, until it works... (Score:2)
DAMN! Someone has already accessed the Defense Network and gotten ahold of our super-secret National Missile Defense technical specifications!
Re:It's always a waste of money, until it works... (Score:2)
Meanwhile, the *real* defense system is tied into George Bush's Play Station
No cause for concern there folks, nothing more to see here
Re:It's always a waste of money, until it works... (Score:5, Interesting)
Re:It's always a waste of money, until it works... (Score:2)
Are engaged in a corrupt, shameful use of their time? Yes, absolutely.
The UK deployed an anti-anti-ballistic missile system in the 70s called Chevaline. It worked by ejecting several hundred myla
Re:This is bad. (Score:1)
Even if the system doesn't work, it's still bad to have unsecured access to it. It's certainly a concern that some terrorist might be able to infiltrate the system and use it to shoot down passenger planes or caus
Re:This is bad. (Score:2)
Re:This is bad. (Score:2)
Re:This is bad. (Score:2)
Re:This is bad. (Score:1, Interesting)
I doubt it. I mean, really, no level of failure or malfeasance in the missile shield project has dissuaded or concerned U.S. politicians one bit since it was first proposed. Why start now?
Re:This is bad. (Score:2)
You'd be surprised.
Re:This is bad. (Score:2, Troll)
If it was part of a Military Specification (or MilSpec), then the contractor had to follow it regardless of whether it was in the contract or not.
However, if it was Military Standard instead, then the contractor doesn't have to follow them, even if the Standard is referenced in the contract. Only if the applicable part of the Standard is put into the contract without reference, thereby making it a contract term, is the contracted entity required to follow it.
I realize that may be confusing, so I'll
Idea (Score:5, Funny)
Re:Idea (Score:1)
security by obscurity (Score:1, Funny)
I am not surprised! (Score:3, Insightful)
This does not surprise me at all, after all, we as Americans are quickly proving that we're becoming the bastion of incompetence. From NASA,
to the war in IRAQ,
irregularities in elections,
collapsing health care system,
cronyism in government,
out-sourcing out of hand,
the massive trade deficit,
the fact that communist China, Japan and the UK now help us with our balance of payments,
failing education system,
Katrina,....one wonders whether we as a nation can ever do anything right.
Question is: Is there anything really?
Re:I am not surprised! (Score:5, Informative)
Re:I am not surprised! (Score:2)
Satirical, but an amusing read.
Re:I am not surprised! (Score:2)
Hmm.... The national debt seems comparable to the total value of all SUVs/4x4 trucks in the US...
Are you thinking what I'm thinking?
Re:I am not surprised! (Score:2)
Are you thinking what I'm thinking?
Therefore
Yeah!!! Everybody grab your rocket launcher and head for the highways! Yeeee-ha!
Re:I am not surprised! (Score:2)
Re:I am not surprised! (Score:1)
I think so woolio, but how are we going to convince the TV networks to create new episodes of The Care Bears? Narf!
Re:I am not surprised! (Score:2)
The vast majority [treas.gov] of federal debt instruments are held by the American government itself, states, private investors, pension funds, corporations, and the like. So we owe most of the national debt to ourselves.
Only about $2T is owed to foreign investors, and I would think that Americans hold a comparable amount of foreign government securities.
U.S. Treasuries are still the worldwide standard for what is considered a risk-free investment. All other bonds are benchmarked against Treasuries, worldwide. Fin
Re:I am not surprised! (Score:2)
Weird... [I am not an economist].
Weren't large parts of the debt paid off [at one time] during the Clinton era? If most of the debt is held within the US and the govt pays it off using tax money, then in effect the corporations are profiting from those paying taxes [which may be the most difficu
Re:I am not surprised! (Score:2)
During the Clinton administration, the (Republican) Congress passed the budget that had a surplus. That means the federal budget was taking in more tax money than it was spending. By the end of the Clinton administration, the economy was in a slump (thanks to Chairman Greenspan's insistence on a high prime interest rate.) Combined with September 11, 2001 the economy entered a weak recession, and the budget surplus became a defec
Re:I am not surprised! (Score:2)
Re:I am not surprised! (Score:2)
Interesting that you bind the government and corporations together under the flag of "ourselves." Neither of those entities is related to the people of the United States, which is the most important entity of them all. It may come as a surprise to you and others of your ilk, but the coun
Re:I am not surprised! (Score:2)
That would be the Chinese government.
Re:I am not surprised! (Score:2)
Re:I am not surprised! (Score:2)
So is the Ku Klux Klan, but they can go fuck themselves.
I'll choose individual rights over the imperious desires of corporations and governments any day of the week. You may find being a part of the machine a satisfying existence, but I prefer free will.
Re:I am not surprised! (Score:2)
So if you don't agree with certain individuals, they forfeit their freedom of speech, assembly, etc? I personally abhor the KKK, but I will defend their right to speak, organize, buy property, and even participate in the democratic process as a group.
Yours is an inconsistent attitude towards civil liberties that is commonly seen on the left end of the political spectrum. Mirror-image inconsistencies exist on the right, of course.
By the way, does
Re:I am not surprised! (Score:2)
Neat. That has nothing to do with the original argument. Corporations and individuals are separate entities. You cannot consider money delegated to corporations as benefitting the people. Read better.
Yours is an inconsistent attitude towards to civil li
Where have all the TRILLIONS gone? (Score:2)
Re:I am not surprised! (Score:2)
WTF! Stop having kids! OMG!
Re:I am not surprised! (Score:3, Funny)
Re:I am not surprised! (Score:1, Offtopic)
to robots
to physics
to the Internet
You can count on the same anti-American slashbotism to get modded to 5, adding nothing, really, to the conversation.
I salute you!
Re:I am not surprised! (Score:1)
Re:I am not surprised! (Score:4, Funny)
psst, hey buddy: check the location bar in your browser, what's that first word after http?
Re:I am not surprised! (Score:1)
Re:I am not surprised! (Score:1, Insightful)
Re:I am not surprised! (Score:1, Insightful)
Completely invading and occupying a nation the size of California with a 25m+ population and suffering fewer than 3000 casualties after three years is a failure? A foreign inspired (Syria and Iran, and
Re:I am not surprised! (Score:2)
Operation Swarmer was pure spin.
Re:I am not surprised! (Score:1, Informative)
NASA- nobody else comes close in terms of accomplishments, missions, discoveries, etc. Other countries could only hope for the failures that NASA has come through.
"Collapsing" health care and education system- It's funny how so many other people from around the world come to the US for health care or education.
Outsourcing, elections, blah blah blah- stuff that ha
Re:I am not surprised! (Score:1)
Re:I am not surprised! (Score:2)
Now, our primary enemies are in the Middle East, and their chief skill is pump
Re:I am not surprised! (Score:1)
irregularities in elections,
The 2000 election was coincidentally very close. I don't think any country has perfect elections.
cronyism in government,
Again, what govmt do you hold up as a fine example? Shenanigans happen.
failing education system,
Personally, I think most education is not very practical anyhow. It does not reflect what people actually do at work, and outsourcing will take us further away from physics-oriented stuff (I agree with your outsourcing
health care system (Score:2)
Our problems do not come from a "failure" to socialize medicine. When I was up in Canada, the news was that brain scanners were mostly going to places with powerful politicians. Quebec got an unfair share. M
Re:I am not surprised! (Score:2)
Well, what I have done and continue to do is to make sure none of my president's cronies ever gets re-elected. Heck, the same fools wanted to out-source our port operations! Imagine that for a second. They were in fact conceding that America does not have the manpower to run ports that its workforce built!
After that, they talk of terrorism yet our borders remain open to anyone...this is 4 years after 9/11. What kills me most is the fact that....Nothing substantial is be
Oh, no, does this mean... (Score:3, Funny)
Re:Oh, no, does this mean... (Score:2)
Wish I could find linkage to it. He went for 55 hours straight.
I think our country would be safe with him at the... trackball.
Re:Oh, no, does this mean... (Score:2, Informative)
MDA AKA (Score:2, Informative)
Not too surprising... (Score:3, Insightful)
Re:Not too surprising... (Score:1)
Re:Not too surprising... (Score:2)
Mod up from troll, since you've never been in the US military. I was in the US Navy and actually priced out the costs for Snap-On tools that we had vs buying as a "normal" buyer, and we're talking a 20-50% markup. Get a clue.
Crapola (Score:3, Insightful)
Re:Crapola (Score:2)
So you are arguing that the whole idea of a missile defense program is bogus, that it can never work and that we should therefore pay a hundred billion dollars for one that does not work because it could not be expected to work?
Re:Crapola (Score:2)
Not on the Internet (Score:2)
Somebody correct me if I am wrong about this, but a system like this should be run in an airgapped environment where external interfaces (radars, etc) are not ones which you can ssh over or anything like that. Most likely every interface into the system will do exactly what it is designed for and nothing else.
People who have access to workstations on the system should need to go through a significant amount of physical security before they are able to do anything. At least that's how similar systems I have
Re:Not on the Internet (Score:2)
Once the person is through physical security, what will that person do? They have to be clueful as well as loyal in order to be safe for the network. One of the reported problems is that they weren't getting security training.
Re:Not on the Internet (Score:2)
My mental image is of a small team of well drilled military people who know exactly how to do their jobs. Maybe that's a wrong image. If so that's the real problem.
No amount of computer security will protect a system if the operational side hasn't been thought out.
Re:Not on the Internet (Score:2, Funny)
All the modems are connected to unlisted telephone numbers.
Re:Not on the Internet (Score:1)
Man... (Score:1)
CNP (Score:1)
It's all George Lucas' fault I tell you! (Score:1, Redundant)
Not to worry... (Score:5, Funny)
better headlines (Score:3, Insightful)
Security Flaws Could Cripple Defense Network
Drunk Driving Could Be Dangerous
Microsoft Goes Head-to-Head With IBM
Mixing Household Chemicals Could Be Dangerous
notice a pattern? none of these headlines says or means anything. they border between "no $hit" and "duh".
instead of that say-nothing gibberish how about "group passwords threaten MDA's communications network"? see, now the headline says something.
ps, not to be a jerk, just to point out an area where slashdot can be better than the rest.
Would you like to play a game? (Score:3, Insightful)
How about Global Thermonuclear war?
You know... (Score:2)
Not Surprised (Score:4, Interesting)
I'm not surprised in the slightest by the "revelation" in this FA.
Re:Not Surprised (Score:2, Insightful)
And for good reason. Same reason that when you order a Dodge Neon they don't ship you a Dodge Viper. The contract is what is specifying what the government is buying. Change what the government is buying to enhance it and it's not really surprising that they want more money to produce it. Taking the least expensive option is usually the right option for the company even if it isn't in the sy
Re:Not Surprised (Score:3, Interesting)
Re:Not Surprised (Score:1)
Contractors and their employers have diametrically opposed goals. The successful use of a contractor for a critical system requires
- Careful planning to anticipate future needs and changing conditions.
- Very skillfully written contracts.
- A process of oversight and review by skilled people who know WTF they are doing.
The employer is doing most of the planning, a lot of the management,
for the people jumping on the contractors (Score:3, Insightful)
so if the security is bad, and it wasn't in the contract, the only people who can begin to address this are actually the purchasing organization, not the developers. the purchaser **needs** to add these stipulations in the contract or else the contractor legally is not allowed to work on fixing it.
Old news (Score:2)
who drafted the contract? (Score:1)
Re:who drafted the contract? (Score:2)
I don't. When I worked for a state government road building authority I saw us send out contracts for software which specified precisely how all asphalting works were to be carried out.
Another Contractor cutting corners (Score:3, Informative)
Let's hope their contract gets recompeted so my company can head over there!
Re:Another Contractor cutting corners (Score:1, Insightful)
And what's your company going to do? Really only Boeing, Lockheed Martin and Northrop Grumman are big enough to handle the prime contract.
Don't you watch "24" on FOX? (Score:2)
Re:Don't you watch "24" on FOX? (Score:1)
Loss of Experienced Staff = Policy Know How Loss (Score:1)
One weakness in many defense organizations is that so much of policy (IA) is a pain in the ass, but you learn to live with the pain as part of the job. If the people administering accounts, policy, and systems do not appreciate the reasons why the policies exist, they will not enforce them. If you are handed a 150 page procedure to read and sign that you have read it and you need the information access now, what are the chances you skipped the page that says you must do X to do Y? They are very high.
Also, w
Re:Loss of Experienced Staff = Policy Know How Los (Score:1)
More significantly, they use COTS software products, some of which are produced and maintained in countries that are likely to be on the receiving end of the target list. It should be fascinating to find out what happens if they ever try using it against one of those countries.
Inc
Security Flaws Could Cripple Defense Network (Score:2)
In MDA's defense..... (Score:1)
Not just GMD, but the whole system of systems including Aegis, THAAD, Airborne Lasers, advanced sensors and more. So in the long run I think MDA is following the right strategy - build stuff quick and refactor as needed. I believe this is far mor
Reports been pulled (Score:4, Interesting)
Re:Reports been pulled (Score:1, Informative)
http://www.google.com/search?q=cache:yNlqZ9eZV3oJ
In Soviet Russia (Score:2)
(Sorry, I'm really sorry. I can't stop.)
Hopefully they have improved the passwords! (Score:2)
From the article: more than 20-year-old DOD security policies
So that would put it in the early 1980s... but in the 60s and 70s, the missile launch passwords were all "00000000" (also see [damninteresting.com] here [columbia.edu]).
IA Training, Air Force Style (Score:4, Informative)
Having been involved with the Air Force since 1985 and done my share of IA training, I can say it is basically worthless and more or less comes down to "Don't give out your password, or run software from home".
zerg (Score:2)
If they do commit to ending the project, send them cash, since they won't be getting any from the defense contractors.
Just so you know (Score:2, Informative)