To: Squantos
I could tell you things that would not only make everybody squirm in their seats, but get me thrown in jail as well. Here's one problem. But it's only one of many.
The DoD used to keep a "closed network". You couldn't generally reach it unless you were in a facility that had a node on the network, or you were in one of the places where the network links terminated.
Around about the time that Clinton did away with TEMPEST, some other things happened that didn't exactly make headline news. One of these things was the operation of overlapping networks via waiver. Previously, the rules would have PROHIBITED this. But budgets were being heavily restricted and networking gear about that time was pricey. So classified networks were run on the same media as unclassified networks. During this time, I helped clean up some very MESSY mistakes whereby highly classified message traffic ended up on an unclassified network. To clean it up by the regs would have been cost prohibitive, so the authorities chose to do detailed damage control and simply debrief the few who ended up seeing the traffic but weren't authorized. What bothered us was that we couldn't guarantee that the data only went so far. Remember...this is the result of a budget squeeze.
As I remember, after the above SNAFU, it was prohibited again to run overlapping networks, but it was still permitted to tunnel classified traffic through an unclassified network so long as the classified traffic was appropriately encrypted.
Seems reasonable... right? On the surface, yes. It seems reasonable. The problem is that the communications media is shared. Unless it gives preference to the classified traffic, then a denial of service attack against the transporting links is very likely to cause a performance degradation of the encrypted link. It's sort of like sending very sensitive and IMPORTANT information via courier, but making the courier ride the bus...which then gets stuck in traffic. This is essentially why a destructive cyber attack is inevitable. We're vulnerable NOW, and have been for years. It's much worse today than it was back when I was associated with DoD. Now a link failure or degradation can affect 911 service, trunked EMS, LEO, and fire department radio comms over a VAST geographic area... business and residential internet, AND traditional telephony service. The service carriers don't actually advertise how vulnerable their systems are.
This isn't for you, but for the purists out there... "YES" the Internet was indeed made to be redundant and there are many provisions within it for redundancy. But go to any major network provider and see what multi-path BGP costs and then you'll understand why the Internet isn't really as redundant as it should be. Redundancy is EXPENSIVE. So much crap has been piled on top of it that should have never been there because it's not subject to the usual telecomm tariffs, but nobody tells the truth about just how survivable it is.
It's truly a disaster waiting to happen.
To: hiredhand
Well said.....bubbafucos damage to this nation is something that will haunt us for decades if not centuries.
Bookmarked.
13 posted on 02/21/2011 1:18:58 AM PST by Squantos
(Be polite. Be professional. But have a plan to kill everyone you meet)