Why the FBI’s 'new Internet' is a dumb idea

The FBI’s Shawn Henry says the world needs a second Internet for critical systems – apparently never having been told what a “private network” is when you don’t prefix it with the word “virtual” – and the idea is taking off in other quarters. Here’s why it’s a dumb idea: it won’t work. It’s not just that the easiest defenses …

COMMENTS

This topic is closed for new posts.
  1. Yes Me Silver badge
    FAIL

    When will they learn?...

    ... that you don't prevent bank robberies by building special roads to the bank. Dedicated network? Er, wasn't that where all those Wikileaks cables came from?

    Maybe the G-men need to read End-To-End Arguments in System Design, J.H. Saltzer, D.P.Reed, D.D.Clark, ACM TOCS, Vol 2, Number 4, November 1984, pp 277-288.

    1. ILB56
      FAIL

      When will people like YOU learn that banks with no roads to them at all can't be robbed? A network that has no connection to the Internet can't be compromised! Period.

      1. Anonymous Coward
        Anonymous Coward

        Your "Just Kidding" icon seems to be missing, ILB56.

  2. Noodle
    Terminator

    See also..

    The recent case of US drone control systems being infected by a virus:

    http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/

    These systems were not connected to the internet (probably not on a network of any kind), the assumed path of infection being via USB drives being used to transfer updated maps etc. to the control systems.

    1. ILB56
      FAIL

      Wrong

      The systems ARE connected to the Internet and were compromised by someone on the inside playing a Facebook game.

      If they weren't connected to the Internet, it would be completely irrelevant if they were compromised by USB sticks because nobody would be able to retrieve data or take control of systems.

  3. Anonymous Coward
    Alert

    "(since one idea doing the circuit is the registration of all machines)" .. Hate to disillusion you but this had been happening for a while in the states.. Buy any machine with ethernet hardware and the MAC address is recorded along with the purchaser details.

    1. Anonymous Coward
      Anonymous Coward

      macchanger

      Ya, because macs can't be faked... right?

  4. Tony Paulazzo
    Alien

    Only villains are going to go to the bother of faking macs, the Feds don't care about them, their entire raison d'être is to instill fear into the general populace so governments can more easily control them, and as for why they don't read... anything, they're programmed on a need to know basis.

    As for building new internets - like the natural world, the Internet can survive nukes or inbound asteroids, but it's got no hopes against man.

    To serve man. 'It's a cook book, A COOK BOOK!'

  5. Anonymous Coward
    Anonymous Coward

    Why not?

    Let them have their own internet - maybe they'll stop spying on ours.

  6. Francis Vaughan

    Sort of an interesting idea. However what could be a really good idea is to talk to a real actuary, and see what they think. Actuaries certainly work in risk, but they are to a large extent statisticians. Without a statistical basis for risk assessment it becomes a different problem.

    This is the issue with quantifying internet security. There isn't the equivalent of the underwriters laboratory that certifies materials and components, and there aren't standards bodies that build standards built upon centuries of experience. Worse, there is no way of quantifying the effects of a security breach ahead of time. There are no easy risk/cost curves. There are huge discontinuities in the problem. This isn't likely to be a place where actuaries play. But a professional actuary might well differ with me. Hearing from one would be interesting.

  7. BrownishMonstr

    What's the problem?

    How can it be so hard to secure connections, to and from, a small black box? Then again we don't seem to be doing fine with the one on top of Big Ben.

  8. Framitz

    Shades of Strategic Air Command

    When I worked with SAC communications we had redundancy upon redundancy upon redundancy.

    This reminds me of that; We had two sets of land lines connecting all sites. NO line went the same route or through the same equipment. On several occasions we found telcos routing the redundant lines through the same switch and had to demand a change for security reasons. This made for a very robust system and it was only the first tier of at least three... Shouldn't detail the others.

    The point is that if enough money was spent to build an independent network it would be so complex that security would still be a huge issue due to the complexity.

    So FAIL.

    1. FrankAlphaXII

      SAC's successor, STRATCOM, is just about as maniacal about redundancy, granted they have to be considering their mission.

  9. ILB56
    Alert

    Ignorant article

    The problem is almost ENTIRELY technical. Stuxnet targeted 4 ZERO DAY VULNERABILITIES. It doesn't matter what "behaviors" are when systems are as absurdly vulnerable as all of them are. Creating networks that are not connected to the Internet in any capacity would entirely solve the problem. Only someone physically entering your facility, physically accessing your computers, and downloading information to a portable media device, would compromise your data. And that is a physical security issue - not a technical one.

  10. chris lively

    Dumb idea

    Yes, behavior is the number one problem. That said it's a self correcting one that does not need an additional "tax" to be levied.

    As each of these companies runs afoul of various hackers they will fix their own systems. However, other, arguably more intelligent, business owners will learn from others' mistakes and be proactive.

    Let the smart companies figure this out and the dumb ones go away.

  11. FrankAlphaXII
    Go

    The FBI is talking out of its ass. What else is new?

    There ALREADY IS A "SECOND INTERNET"!!

    Hell, there are at least two, the Joint Worldwide Intelligence Communications System (JWICS for short, which Justice probably isn't allowed to use) that is not connected to the wider Internet. And the National Security Agency Network, which may (or may not) be connected to JWICS but also is not connected to any wider network. There are probably also more networks than that which are totally private.

    The WikiLeaks stuff was all SECRET, you can route SECRET data over a system that's connected to the wider internet. With TOP SECRET information it cannot be, it has to be routed over JWICS or NSANET (depending on if it's over a COMINT distribution or not) uses a dedicated network separate from the rest of the SIPRnet, NIPRnet and Internet.

    Basically the FBI proposes to duplicate one of DISA's better efforts for the Intelligence Community. And they're going to get away with it because they'll scream "Think of the Children!!" and other such claptrap. They'll half-bake it, it'll half work, and when it gets breached it'll make all of us who are really in the community look like unprofessional dolts that work for Justice.

    But we're all on the same team now, y'know. Which basically means they do whatever they want, and we'll get blamed for it when they screw up.

  12. jake Silver badge

    Unclear on the concept ...

    "It seems like everybody’s forgotten that Stuxnet wasn’t an Internet-borne attack. It was carried on a USB key: the kind of attack vector that will still exist on Henry’s proposed secure Internet."

    In the Stuxnet example, "sneakernet" is definitely part of TehIntraWebTubes[tm].

    1. jake Silver badge

      Re: mine, posted @14:13 2nd Nov.

      I actually posted it about a week ago.

      What's up, ElReg? Honest question, not taking the mick.
