DARPA and the network
Michael.Dillon at btradianz.com
Michael.Dillon at btradianz.com
Thu Aug 4 13:20:46 UTC 2005
Since the modern military runs on networks, DARPA funds various
programs to make networks better and more secure. One of these
was CHATS. Here is the business case taken from the DARPA
budget justification:
------
The Composable High Assurance Trusted Systems (CHATS) program
is developing the tools and technology that enable the core network
services to be protected from the introduction and execution of
malicious code or other attack techniques and methods. These
tools and technologies will provide the security services needed
to achieve comprehensive-secure, highly distributed, mission-critical
information systems for the DoD. A unique feature of CHATS is that
these system capabilities will be developed by engaging the
open-source community in security functionality for existing
open-source operating systems. Additionally, DARPA will
engage the open-source community in a consortium-based
approach to create a ?neutral?, secure operating system
architecture framework. This security architecture framework
will then be used to develop techniques for composing OS
capabilities to support both servers and clients in the increasing
network-centric communications fabric of the DoD. In FY 2003 the
CHATS program will move to project ST-24 in this program element.
------
For a time, DARPA even funded the ongoing work of the OpenBSD
team but political disagreements over the Iraq war scuttled that
work. In roughly the same time frame, there was a project called
LSAP (Linux Security Audit Project) that attenmpted to extend
the methodology of OpenBSD to Linux. This was succeeded by
Sardonix which attempted to create a register of all audited open
source software. For various reasons both of these projects fizzled.
So why did OpenBSD succeed in their rigorous audit process?
I believe it is because there was a firm hand at the helm who was
able to keep them focused on their non-profit goal, namely
secure operating software. Now corporations do share one
characteristic with OpenBSD which should allow them to be
able to succeed in the same way. They have firm hands at the
helm. However, they also have the profit motive and it is often
possible for corporations to avoid security issues in their
systems and make profits anyway. That's where NANOG
comes in. We are the customers of the router and switch
manufacturers. We have the ability to tie the corporate profit
motive together with a security imperative.
I know that people on this list would rather talk about how
to tweak the boxes and protocols to do the best with what
we have available, but I think times have changed. The
global community of hackers is our Al Qaeda, a leaderless
mob that wants to break the network and control the network.
If we want to prevent this, then we have to work as hard and
as smart as the many people who are tackling Islamist
terrorist cells. It's no longer good enough to just do the
best we can with the boxes that vendors give us when
those boxes are so easily compromised and when there
is a community of people who are specifically targetting
those boxes, unlike in the past.
--Michael Dillon
More information about the NANOG
mailing list