On 8/18/07, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
Did you see what the GAO found when they audited the US-VISIT network? The summary is at http://www.washingtonpost.com/wp-dyn/content/article/2007/08/02/AR2007080202...; the full report is at http://www.gao.gov/new.items/d07870.pdf
As usual with security, it's a tradeoff between goals, threat models, economics, and competence. While the goals of the system, as identified by the GAO, include a brief phrase about "facilitate legitimate travel and trade", the rest of the report appears to entirely ignore it. It focuses on attackers, and bad guys trying to get in, and the closest the report gets to anything about reliability or business continuity is a bit about preventing attackers from carrying out denial of service attacks.

Given the ability of one bad network card to take down the network, and given a set of operational plans that keeps incoming international travelers confined to their airplanes for hours at an airport the size of LAX which handles a lot of connections between international and domestic or other international flights, it appears that the designers of both the technical and operational sides are also ignoring the goal of facilitating legitimate travel and trade. I can't say I'm surprised, either.

While treating travellers well probably won't be one of their goals until there's a major change in government philosophy, perhaps they can improve service by anthropomorphizing those evil terrorists named "Father Time", "Murphy", "Router Bugs", and "Bubba the Backhoe Driver". Certainly the operational side didn't have processes for supporting travellers with reasonable-looking papers in the event of a computer failure.

About two decades ago there was a network failure that took out all three New York City area airports, caused by one guy with wire cutters who was in the wrong manhole in Newark. If the FAA had a set of dial backup modems at each of the airports, they could have worked around it, but they believed strongly that the shared civilian infrastructure wasn't reliable enough and they needed to have dedicated systems just for air traffic control.

----
Thanks; Bill
Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.