It's the Architecture!

A simple mantra can change the course of history. “It’s the economy, stupid!” shifted the tide of a political race by keeping partisan foot soldiers focused on the critical issue of a campaign.           

This crude but highly effective approach might be just what U.S. federal information technology officials need. Those charged with managing the government’s information technology networks—its vital nervous system—should remind themselves, “It’s the architecture!” The present paradigm is hopelessly insecure and inefficient. No amount of federal largesse invested in the U.S. government’s current Web-based architecture will ever take the nation where it needs to be. As the old Yankee once told the bewildered New York tourist seeking directions to Kennebunkport, Maine, “You can’t get there from here.”

The architecture the government has today is not secure and will never be secure. Such a blunt statement might be expected to provoke a defensive response and a vigorous discussion in meetings with federal officials from the National Security Agency, the Office of the Director of National Intelligence, the Defense Information Systems Agency, the Office of the Secretary of Defense and elsewhere. Surprisingly, this ploy always fails for the simple reason that no federal official ever disagrees. Ironically, while everyone seems to agree that the emperor is naked, no one has clearly identified the requirement for developing and implementing a new model. Yet the current flawed architecture is the foundation upon which all federal organizations are building furiously: adding size, cost, complexity and risk.

The United States did not arrive at this juncture because its government consciously selected the present model from among a number of competing alternatives. The development of the Internet and Web-based technologies the nation is dependent on was overwhelmingly driven by consumer demands and commercial requirements. This is as it should be, but many government organizations, especially in the defense and intelligence communities, face more sophisticated threats and have distinctive missions and needs.

The U.S. Defense Department would not build a tank on a Chevy Tahoe frame, although the Tahoe is a versatile and affordable vehicle. Yet wholesale adoption of Web-based commercial technologies, with foreign hardware and software, has become the norm for critical Defense Department logistical and—in some cases—warfighting networks.  Fortunately, in the information technology realm, with a proper architecture that incorporates inexpensive, secure devices on much more rugged and intelligent networks, users potentially can have their cake and eat it, too.

Reportedly, the first step to overcoming addiction is to acknowledge the existence of a serious problem. In that regard, hearty congratulations should be extended to the commander of the U.S. Strategic Command, Gen. James E. Cartwright, USMC, who recently stated in testimony to Congress: “To date our time and resources have focused more on network defenses to include firewalls, antivirus protection and vulnerability scanning. While generally effective against unsophisticated hackers, these measures are marginally effective against sophisticated adversaries.” He also related that “the magnitude of cost in terms of real dollars dedicated to defensive measures, lost intellectual capital and fraud cannot be overestimated, making these attacks a matter of great national interest.”

Why is the present architecture so expensive and yet so hopelessly flawed?

First, in a Web-based model, remote devices connect directly to enterprises. Addresses on the Internet facilitate connections, but these signs are visible to friend and foe alike. Every Web site or static Internet protocol (IP) address becomes a potential target for hacking, spoofing and denial-of-service attacks.

The Defense Department spends hundreds of millions of dollars annually trying to police the gateways between the Web and the department’s nonsecure IP router network (NIPRNET). As noted by Gen. Cartwright, while this deters unsophisticated hackers, it is a futile defense against serious adversaries. And to make matters worse, the NIPRNET is connected to many more sensitive government networks. The present model is so weak that an enterprise has to open a connection before it can decide whether to reject it. These are deep and inherent flaws in the current paradigm.

Second, although it may be a futile gesture, each of these innumerable government IP addresses must be heavily defended not only at the edge of the network but also on every connected PC and server. Yet a vast organization such as the Defense Department has never had, and never will have, 100 percent compliance with all of the patches, upgrades, installations and configurations required to defeat recognized threats—much less those of a knowledgeable opponent.

In the nearly 10 years since the Defense Department implemented the Information Assurance Vulnerability Alert process to send alerts and monitor compliance with security fixes, there has never been anything approaching 100 percent compliance. Too many busy young soldiers, sailors, airmen and Marines compose the user community. To ensure compliance, Defense Department civilians and contractors at too many places would have to implement too many complex information technology policies and procedures flawlessly. One critical objective of a new architecture should be to lighten the burden the present model imposes on busy troops and all other federal employees.

Third, the current architecture is teeming with open input-output devices that make networks, even classified air-gapped networks, vulnerable to thousands and even hundreds of thousands of cleared insiders. Yet every intelligence agency and military department has been badly and repeatedly burned by U.S. citizens acting as agents of foreign powers, resulting in roughly 100 espionage convictions over the past 25 years. Most of these agents operated for years before they were detected, and almost all were volunteers.

The problem is becoming more acute as adversaries recognize that U.S. networks are a vulnerable and potentially disabling center of gravity. For example, many defense officials have multiple classified and unclassified computers in the same room, often on the same desk, all with open input-output devices. These individuals have few constraints to prevent them from downloading and moving data across and among networks with different levels of classification. The problem is not only the data that can be stolen or compromised but also the potential for malicious code to be uploaded to compromise, corrupt, degrade or destroy critical networks. 

The insider threat in a networked environment has the potential to be especially devastating. Some in the Defense Department describe the classified networks as “crunchy on the outside; soft and chewy on the inside.” Espionage has been a fact of life from the American Revolution, with individuals such as Benedict Arnold and Dr. Benjamin Church, to the Manhattan Project era, with Klaus Fuchs and Julius and Ethel Rosenberg, to the present day with notorious names such as Aldrich Ames, Robert Hanssen, Brian P. Regan, Jonathan Pollard, John Walker Jr. and Ronald Pelton. Mitigating this threat must be another requirement of a new architecture.

Fourth, too many devices exist in too many places with too much data. Last year an estimated 1.7 million laptops were stolen, including some with vast quantities of personal information on U.S. citizens, including Social Security numbers and dates of birth. And every time remote users connect to government networks there is the potential to upload malicious code, either wittingly or unwittingly.

The myriad of problems stemming from the present model requires not only new capabilities but also a new architecture. Otherwise, the government merely is adding more horsepower and armor to a Tahoe chassis.

Solutions are feasible if the nation recognizes the need for change. Fortunately, the bandwidth limitations that forced the commercial adoption of the PC/Web model in the 1980s and 1990s are steadily disappearing. Local storage, processing and manipulation were imperative in the days of dial-up access, but that era is rapidly receding if not entirely gone. President George W. Bush has expressed support for broadband access for all Americans. Although the United States still lags most developed countries, broadband access already is available to more than 60 percent of U.S. homes and more than 85 percent of U.S. businesses.

This growing capacity offers more than a way to move files faster: Entirely new architectures are now possible. For example, a small start-up company has developed networks where pixels move instead of data, where firewalls can be completely closed to inbound traffic and where data never resides on devices yet is readily accessible. Other companies also are exploring wholly new architectures, and more will do so if the government identifies a clear requirement for the technology.

Gen. Cartwright has put the Defense Department, Congress and the public on notice that the nation has a serious problem. That is an important first step. Fortunately, with increased bandwidth, the U.S. government can implement new models that are far more secure and efficient than the present paradigm. With a better architecture, the government can save lives and money and avert the disasters that are otherwise inevitable.

Christopher K. Mellon is president of Mellon Strategic Consulting LLC and the former deputy assistant secretary of defense for security and information operations.