North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

DARPA and the network

  • From: Michael.Dillon
  • Date: Thu Aug 04 09:21:44 2005

Since the modern military runs on networks, DARPA funds various
programs to make networks better and more secure. One of these
was CHATS. Here is the business case taken from the DARPA
budget justification:
The Composable High Assurance Trusted Systems (CHATS) program
is developing the tools and technology that enable the core network
services to be protected from the introduction and execution of 
malicious code or other attack techniques and methods. These 
tools and technologies will provide the security services needed 
to achieve comprehensive-secure, highly distributed, mission-critical 
information systems for the DoD. A unique feature of CHATS is that 
these system capabilities will be developed by engaging the 
open-source community in security functionality for existing 
open-source operating systems. Additionally, DARPA will 
engage the open-source community in a consortium-based 
approach to create a ?neutral?, secure operating system 
architecture framework. This security architecture framework 
will then be used to develop techniques for composing OS 
capabilities to support both servers and clients in the increasing 
network-centric communications fabric of the DoD. In FY 2003 the
CHATS program will move to project ST-24 in this program element.
For a time, DARPA even funded the ongoing work of the OpenBSD
team but political disagreements over the Iraq war scuttled that 
work. In roughly the same time frame, there was a project called
LSAP (Linux Security Audit Project) that attenmpted to extend
the methodology of OpenBSD to Linux. This was succeeded by
Sardonix which attempted to create a register of all audited open
source software. For various reasons both of these projects fizzled.

So why did OpenBSD succeed in their rigorous audit process? 
I believe it is because there was a firm hand at the helm who was
able to keep them focused on their non-profit goal, namely
secure operating software. Now corporations do share one
characteristic with OpenBSD which should allow them to be 
able to succeed in the same way. They have firm hands at the
helm. However, they also have the profit motive and it is often
possible for corporations to avoid security issues in their 
systems and make profits anyway. That's where NANOG
comes in. We are the customers of the router and switch
manufacturers. We have the ability to tie the corporate profit
motive together with a security imperative.

I know that people on this list would rather talk about how 
to tweak the boxes and protocols to do the best with what
we have available, but I think times have changed. The
global community of hackers is our Al Qaeda, a leaderless
mob that wants to break the network and control the network.
If we want to prevent this, then we have to work as hard and
as smart as the many people who are tackling Islamist 
terrorist cells. It's no longer good enough to just do the
best we can with the boxes that vendors give us when
those boxes are so easily compromised and when there
is a community of people who are specifically targetting
those boxes, unlike in the past.

--Michael Dillon