[83072] in North American Network Operators' Group
DARPA and the network
daemon@ATHENA.MIT.EDU (Michael.Dillon@btradianz.com)
Thu Aug 4 09:20:54 2005
To: nanog@merit.edu
From: Michael.Dillon@btradianz.com
Date: Thu, 4 Aug 2005 14:20:46 +0100
Errors-To: owner-nanog@merit.edu
Since the modern military runs on networks, DARPA funds various
programs to make networks better and more secure. One of these
was CHATS. Here is the business case taken from the DARPA
budget justification:
------
The Composable High Assurance Trusted Systems (CHATS) program
is developing the tools and technology that enable the core network
services to be protected from the introduction and execution of=20
malicious code or other attack techniques and methods. These=20
tools and technologies will provide the security services needed=20
to achieve comprehensive-secure, highly distributed, mission-critical=20
information systems for the DoD. A unique feature of CHATS is that=20
these system capabilities will be developed by engaging the=20
open-source community in security functionality for existing=20
open-source operating systems. Additionally, DARPA will=20
engage the open-source community in a consortium-based=20
approach to create a ?neutral?, secure operating system=20
architecture framework. This security architecture framework=20
will then be used to develop techniques for composing OS=20
capabilities to support both servers and clients in the increasing=20
network-centric communications fabric of the DoD. In FY 2003 the
CHATS program will move to project ST-24 in this program element.
------
For a time, DARPA even funded the ongoing work of the OpenBSD
team but political disagreements over the Iraq war scuttled that=20
work. In roughly the same time frame, there was a project called
LSAP (Linux Security Audit Project) that attenmpted to extend
the methodology of OpenBSD to Linux. This was succeeded by
Sardonix which attempted to create a register of all audited open
source software. For various reasons both of these projects fizzled.
So why did OpenBSD succeed in their rigorous audit process?=20
I believe it is because there was a firm hand at the helm who was
able to keep them focused on their non-profit goal, namely
secure operating software. Now corporations do share one
characteristic with OpenBSD which should allow them to be=20
able to succeed in the same way. They have firm hands at the
helm. However, they also have the profit motive and it is often
possible for corporations to avoid security issues in their=20
systems and make profits anyway. That's where NANOG
comes in. We are the customers of the router and switch
manufacturers. We have the ability to tie the corporate profit
motive together with a security imperative.
I know that people on this list would rather talk about how=20
to tweak the boxes and protocols to do the best with what
we have available, but I think times have changed. The
global community of hackers is our Al Qaeda, a leaderless
mob that wants to break the network and control the network.
If we want to prevent this, then we have to work as hard and
as smart as the many people who are tackling Islamist=20
terrorist cells. It's no longer good enough to just do the
best we can with the boxes that vendors give us when
those boxes are so easily compromised and when there
is a community of people who are specifically targetting
those boxes, unlike in the past.
--Michael Dillon
