In response to this article’s premises,
1. U.S. networks are built on “inherently insecure architectures with increasing use of foreign-built components.”
2. “Protecting all military systems from advanced cyber attacks is neither feasible nor affordable, the report states. Accordingly, having a critical set of segmented conventional systems will allow the United States to continue to deliver vital mission capabilities even under a catastrophic attack.”
The commercial transport network today is almost entirely designed, built and operated by foreign nationals. This situation was driven by large commercial corporations zeal to make money at any cost, while lobbying their government to eliminate the security requirements for government networks and computers. As a result of this fact, fewer US citizen technical workers are today capable of designing systems that can be made secure, and the government steadfastly refused to fund any efforts to create networks and computers that can be made secure. The holy grail answer (this year’s hype or fad) is build it in the cloud, get everybody dependent on a network service provider set that is sure to be owned by the oligopoly of the tech giants and outsourced overseas (say to Russia and China?).
I assume these “conventional systems” are tube based HF radio nets with modern radio and crypto technology and morse code key capabilities to survive and operate after the EMP pulse delivered on the next war zero day?
If you think you are going to use COTS based Microsoft, Cisco, Oracle, Google and Open Source Linux systems software, don’t bother. All of the proprietary products have been reengineered by now, and the open source products are available to plan and execute application attacks. The discovered but secret zero day vulnerabilities are sold to the top bidder (i.e. China via a dark net) and transported over Chinese monitored COTS networks, don’t spend any more money on COTS solutions that don’t work.
Congress and the NSA have announced several programs to shutdown “stove pipe encryption development” so as to save money, exactly when it is needed to provide a secure distributed architecture with a US citizen workforce based non-COTS supply chain. That security has to include the entire supply chain or you are just wasting time. The government needs to look at the potential loss versus the cost of doing the same thing (COTS uber alles) and expecting different results. The emperor has no clothes.
More information about text formats