Just now got to looking at this morning’s Wall Street Journal, and I see they have another disturbing report about U.S. counterintelligence fecklessness.
Last week, it was Chinese and Russian spies probing our electricity grid to figure out how to shut in down in case of war.
This week, the WSJ reports that Chinese (probably) hackers have done the following:
WASHINGTON — Computer spies have broken into the Pentagon’s $300 billion Joint Strike Fighter project — the Defense Department’s costliest weapons program ever — according to current and former government officials familiar with the attacks.
Similar incidents have also breached the Air Force’s air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft.
The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together. The revelations follow a recent Wall Street Journal report that computers used to control the U.S. electrical-distribution system, as well as other infrastructure, have also been infiltrated by spies abroad…
The good news, to the extent that there was any, was that “while the spies were able to download sizable amounts of data related to the jet-fighter, they weren’t able to access the most sensitive material, which is stored on computers not connected to the Internet.”
Well, duh. So we actually took steps to defend SOME of our most sensitive national security data. Yay for our side.
But beyond that, we’re looking pretty pathetic.
The Internet is not appropriate for a lot of applications which run on it.
Microsoft is not an appropriate environment for many of the business applications running on it.
Every young programmer and manager today thinks they have to run everything as a web application. They have so many tools for development that will get something out there, that most of them never put a thought into security.
Frankly, most web applications are inferior to text-based user terminal applications, in ease of use, control of the business process, and in security.
With all the money invested by the Air Force in developing its own standards for Electronic Data Interchange of specifications with suppliers, there is no excuse for having any of them in human readable form, available on the Internet.
I totally agree with Lee. Most people don’t realize that the most insecure place is the internet to post or run applications with sensitive information. This simple fact alone should be sufficient reason to never allow on-line voting at any level for public office much less leaving open the possiblity of compromising national security information.
Security is an illusion and there is no such thing as a hacker proof system unless you are operating totally offline. Every system has a backdoor and with sophisticated programs specifically designed to “probe” for openings, the WSJ article was no surprise.
I would imagine that our side is engaged in the same type operations trying to break into their systems for information unless it would be considered unconstitutional by the current administration.