[infowar.de] IT infrastructures could be battlefields of future wars

[Ralf Bendrath <bendrath -! - zedat - fu-berlin - de>]

Der Text klingt am Anfang sehr reisserisch, behandelt dann aber das 
interessante Problem der zunehmenden Nutzung von Commercial-off-the-Shelf 
Software im Militär, die mittlerweile auch von US-Firmen in Indien, China 
und anderswo erstellt wird.
Ich sehe auch das allerdings nicht ganz so dramatisch:
"You don't expect the military to go to Home Depot to buy a [rocket 
launcher], but we expect them to go to Staples to buy software,"
... vielleicht für den Bürobetrieb, aber die Software für den Rocket 
Launcher wird bisher nicht von Microsoft oder Staples geliefert, oder? 
Bzw. wenn doch, dann von spezialisierten Abteilungen für den 
Rüstungsbereich, die sicherlich nicht in China sitzen.

Meinungen?

Ralf

--------------------

http://www.gcn.com/vol1_no1/daily-updates/36688-1.html

IT infrastructures could be battlefields of future wars

By Patience Wait
GCN Staff
08/17/05

HUNTSVILLE, Ala.- A professor from Auburn University has made the case
that the United States may face a war in the future in which not a
single shot is fired, but yet America loses.

There could be "pre-emptive achievement of military objectives
strictly by information warfare techniques," said John "Drew"
Hamilton, associate professor of engineering and director of the
Information Assurance Laboratory at the university.

Hamilton projected that such a conflict could take place by 2015 - the
time it would take to infiltrate computer development programs and
insert malware into operating systems, applications software, firmware
and hardware.

Acquisition trends in the military actually facilitate the possibility
of such a scenario, Hamilton added. "You don't expect the military to
go to Home Depot to buy a [rocket launcher], but we expect them to go
to Staples to buy software," he said.

Software developers have always written back doors into their code,
and even secure, partitioned systems such as the Secret IP Router
Network have them.

"I learned that when I got e-mail from Joint Forces Command to scan
their attachments" for viruses, Hamilton said.

The risk in pushing the use of commercial, off-the-shelf software is
compounded by private-sector outsourcing, he said. Microsoft Corp.,
for instance, has outsourced some programming tasks to China and
Russia.

Hamilton said that Dan Wolf, information assurance director of the
National Security Agency, told an academic group in June that "DOD
agencies have been outsourcing IT services to [Section] 8a firms that
are fronts for foreign intelligence agencies."

Nor is the problem limited to the Microsoft environment. Linux, touted
by open-source proponents, has its own vulnerabilities. "NSA [National
Security Agency] recompiled the kernel so you can't turn off [key]
logging, which is good for forensics," figuring out what happened
after the fact, Hamilton said.

Finally, the military has not made software a "core competency,"
according to Hamilton. "Some government agencies have contracted for
software code they don't own the rights for."

Hamilton suggested several steps that could be taken to pre-empt and
prepare for this kind of warfare, including reverse-engineering
software architecture to find weaknesses, identifying sensitive
parameters that can be exploited and looking for undocumented
functionality.

He also said that the Defense Department should stop funding
university research conducted by foreign nationals. Hamilton added
that this is not a xenophobic reaction, but a reasonable response to a
potential threat.


---------------------------------------------------------------------
To unsubscribe, e-mail: infowar -
de-unsubscribe -!
- infopeace -
de
For additional commands, e-mail: infowar -
de-help -!
- infopeace -
de