Information Warfare: Microsoft The Model

Archives

February 27, 2010:  Noting how effective Microsoft has been in automating computer security for hundreds of millions of unskilled PC users, the U.S. Department of Defense is increasingly creating custom versions of Windows operating systems and installing their own automated security features and automatic software updating systems. The reason for all this is that the Department of Defense cannot attract a sufficient number of security experts. The military has to compete with the commercial sector for these scarce security personnel, and with the shortage of such people, government pay and benefits cannot compete. But the government does have other resources, which make it possible to develop custom automated security systems.

For example, the NSA (National Security Agency) has worked with Microsoft on security aspects the new Windows 7 operating system. This is nothing new. Earlier, NSA worked with the U.S. Air Force and Microsoft to develop a special version of Windows XP, one that had over 600 operating system settings shut down or modified so that hackers had a harder time penetrating air force network security. Some of it was simple stuff, like ensuring that the highest level password (the admin password, which gives you access to everything) can never be the same as a lower level (user) password. The system is also modified to have passwords expire every sixty days, forcing users to create new ones. NSA also assisted in preparing a special version of Windows 7, which the air force began distributing this year.

The military has another advantage in that they can impose more discipline on how their personnel use their PCs and networks. This makes it easier to build in additional security features, and regularly update those items. The big weakness the Department of Defense networks have is their exposure to the Internet, which is awash in hackers and malware (software that will infiltrate PCs and steal your data). One solution to that has been the establishment of two large networks that use Internet software, but are closed to civilian users.

NIPRNET (Non-classified Internet Protocol Router Network) is the military network connected to the internet and has over three million servers. Although unclassified, NIPRNET contains a lot of logistics (supplies, including requests for stuff), personnel matters (addresses, phone numbers and even credit card numbers). Separate from NIPRNET is SIPRNET (Secure Internet Protocol Router Network). This net is not connected to the Internet and encrypts its data. This network is rarely attacked and penetrations are few, if any (all discussion of SIPRNET attacks are classified.)

The new Cyber War operations established by each of the services, and the Department of Defense overall, are meant to insure that NIPRNET and SIPRNET stay safe.

 

 

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close