Information Warfare: Russia Builds A Better SIPRNET


December 2, 2016: Russia recently revealed that it had created a separate, encrypted Internet for its military. They call it CTDT (Closed Data Transfer Segment) and it was tested in combat for the first time this year in Syria. This is similar to the classified Internet used by the American military. The U.S. Department of Defense has two private Internets (using Internet technology, but not directly connected to the public Internet). NIPRNET (Non-classified Internet Protocol Router Network) is unclassified, and the primary network for American military personnel. SIPRNET (Secure Internet Protocol Router Network) is classified, and all traffic is encrypted so you can use it to send top secret stuff. NIPRNET is the largest private network on the planet, with over four million authorized users and over three times as many devices (PCs, and other electronic equipment) connected. If this sounds vague, it is, because NIPRNET has grown steadily, since it was created (from the earlier MILNET) in the 1980s.

In 2010 the U.S. Department of Defense is spent $10 million to have a civilian firm create a roadmap for NIPRNET. This was an admission that that, in effect, NIPRNET had gotten a little out of control and the roadmap program was meant to find out how big it has gotten, and exactly what was in there. The survey also sought to find any instances where unauthorized users had quietly joined the net. This was suspected and the survey was the start of a major effort to clean interlopers out. The survey also looked for weakness in security. The Department of Defense has made several major efforts since 2005 to improve network security. But those efforts also revealed that weaknesses can show up in the strangest places and that was another reason to keep many aspects of the investigations and subsequent fixes secret.

Russia has apparently learned from American problems with SIPRNET and got a major assist from a former NSA contractor, Edward Snowden, who had access to SIPRNET and stole large quantities of classified data from it and then fled to Russia. Because of that and what else Snowden told Russia about SIPRNET, CTDT has a lot of additional security built in. Russia has not provided details but using CTDT in a combat zone for over a year was a challenge to the Americans and Israelis to have a crack at penetrating the new Russian network. Nothing to report on that front, which is not to say anything has happened. In situations like this details become public much later.

Meanwhile the Department of Defense continues efforts to keep SIPRNET secure. You could say that effort got into high gear during 2008 when the Department of Defense banned the use of USB data devices (thumb drives) on their computers. This was all because they were having more problems keeping hackers out of its private Internet. But a year later the USB devices were allowed back, but only if they use new versions that have security built in. Military network software was modified to recognize the secure USB memory sticks (and so on), and continue to block unauthorized devices.

The original panic came about this began when a worm program got on to SIPRNET via a USB device. The problem in question was hacker programs ("worms") that automatically copy themselves to rewritable CDs and DVDs as well as memory sticks. Then, the next time CD/DVD/memory stick is read by another program, the "worm" program copies itself onto that computer, and tries to secretly take over, and enable hackers to gain access and steal stuff. This stuff is so scary that the military promptly told troops to not use memory sticks on military computers. This caused problems in the combat zone, where there is not a lot of bandwidth (Internet capacity) for moving information around. Troops prefer to keep a lot of stuff on memory sticks. When the troops rebelled against these restrictions, some units physically sealed USB ports on some machines. But, in the end, the troops won this round.

These worm programs could do all sorts of damage on the closed SIPRNET, and even presented the possibility of getting secret information off the "secure" net (by copying data to a hacker program that then attempts to copy itself to other memory devices, and then PCs hooked up to the Internet, and then transmit the secret stuff back to the hacker, or spy.)

Before the Internet came along, programs that automatically copied themselves were a common method for viruses and other malware to get around (slowly, but the stuff did travel that way.) NIPRNET is also vulnerable. Even though the Department of Defense installed new hardware (special routers, for example) and software to increase security, the worms were still getting in. Oddly enough the Department of Defense does not appear to have paid as much attention to a user simply copying data from SIPRNET and delivering the material to someone not authorized to have it.

The military is a big user of the public Internet from the beginning and they have discovered that most of the intrusions (hacks and viruses) are the result of poor configuration (not keeping the hardware and software set up correctly to defeat known vulnerabilities), or not installing patches and security update in time. The rest of the intrusions come from more mundane problems, like using an easily cracked password, or no password at all. Network security has always been a people problem, and these recent incidents are a sharp reminder of that.

It's easy for troops to be doing something on SIPRNET, then switch to the Internet, and forget that they are now on an unsecure network. Warnings about that sort of thing did not cure the problem. The Internet is too useful for the troops, especially for discussing technical and tactical matters with other soldiers. The army has tried to control the problem by monitoring military accounts (those ending in .mil), but the troops quickly got hip to that, and opened another account from Yahoo or Google, for their more casual web surfing, and for discussions with other troops.

The Internet has been a major benefit for combat soldiers, enabling them to share firsthand information quickly, and accurately. That's why the troops were warned that the enemy is actively searching for anything G.I.s post, and this stuff has been found at terrorist web sites, and on captured enemy laptops. In reality, information spreads among terrorists much more slowly than among American troops. But if soldiers discuss tactics and techniques in an open venue, including posting pictures and videos, the enemy will eventually find and download it. The terrorists could speed up this process if they could get the right hackware inside American military computers. But right now, the enemy just Googles for useful chatter from Western troops.




Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close