Information Warfare: Microsoft The Model


February 27, 2010:  Noting how effective Microsoft has been in automating computer security for hundreds of millions of unskilled PC users, the U.S. Department of Defense is increasingly creating custom versions of Windows operating systems and installing their own automated security features and automatic software updating systems. The reason for all this is that the Department of Defense cannot attract a sufficient number of security experts. The military has to compete with the commercial sector for these scarce security personnel, and with the shortage of such people, government pay and benefits cannot compete. But the government does have other resources, which make it possible to develop custom automated security systems.

For example, the NSA (National Security Agency) has worked with Microsoft on security aspects the new Windows 7 operating system. This is nothing new. Earlier, NSA worked with the U.S. Air Force and Microsoft to develop a special version of Windows XP, one that had over 600 operating system settings shut down or modified so that hackers had a harder time penetrating air force network security. Some of it was simple stuff, like ensuring that the highest level password (the admin password, which gives you access to everything) can never be the same as a lower level (user) password. The system is also modified to have passwords expire every sixty days, forcing users to create new ones. NSA also assisted in preparing a special version of Windows 7, which the air force began distributing this year.

The military has another advantage in that they can impose more discipline on how their personnel use their PCs and networks. This makes it easier to build in additional security features, and regularly update those items. The big weakness the Department of Defense networks have is their exposure to the Internet, which is awash in hackers and malware (software that will infiltrate PCs and steal your data). One solution to that has been the establishment of two large networks that use Internet software, but are closed to civilian users.

NIPRNET (Non-classified Internet Protocol Router Network) is the military network connected to the internet and has over three million servers. Although unclassified, NIPRNET contains a lot of logistics (supplies, including requests for stuff), personnel matters (addresses, phone numbers and even credit card numbers). Separate from NIPRNET is SIPRNET (Secure Internet Protocol Router Network). This net is not connected to the Internet and encrypts its data. This network is rarely attacked and penetrations are few, if any (all discussion of SIPRNET attacks are classified.)

The new Cyber War operations established by each of the services, and the Department of Defense overall, are meant to insure that NIPRNET and SIPRNET stay safe.



Article Archive

Information Warfare: Current 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 



Help Keep Us Soaring

We need your help! Our subscription base has slowly been dwindling. We need your help in reversing that trend. We would like to add 20 new subscribers this month.

Each month we count on your subscriptions or contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage. A contribution is not a donation that you can deduct at tax time, but a form of crowdfunding. We store none of your information when you contribute..
Subscribe   Contribute   Close