Barnett and Berman Network Security (CompSci And PoliSci Makes NetSci)

Life After DoDth or: How the Evernet Changes Everything,” by Thomas P.M. Barnett, Proceedings of US Naval Institute, May 2000, http://www.thomaspmbarnett.com/published/ladod.htm.

The Death of a Firewall,” by Stuart Berman, Network Magazine, 1 June 2005, http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleId=163700676 (from My Kids’ Dad).

In an article discussing how to “maintain and protect our economic networks with the outside world,” geostrategist proposes a “Department of Network Security” (DNS) that will tackle international organized crime, insurgencies, and terrorism. DNS will partially replace the Department of Defense, with the other end being in the Department of Global Deterrence (DGD) . In his words,

First the unpleasant truth: the Department of Defense’s raison d’être died with the Cold War. No one likes to talk about it, but that’s what happened. Created in the National Security Act of 1947, the DoD is wholly a creature of what eventually became the United States’ hair-trigger during the nuclear standoff with the Soviet Union. Prior to that, we basically stuck to the Constitution’s mandate to “provide and maintain a Navy” on a constant basis and to “raise and support Armies” as the situation demanded.

But that strategy died with the start of the globalization era. Now, security rationales are subordinate to economic imperatives. So why haven’t we seen, as Joseph Nye might say, the “return of history” in the U.S. national security establishment?[2] Why haven’t we repealed the 1947 National Security Act and thrown away this outmoded unification of two defense concepts [meaning, “Why haven’t be eliminated the Department of Defenset?” – tdaxp] that constantly compete against one another—to the detriment of both?

DNS will discard the traditional notion of military service separate from civilian life. For most personnel, it will adopt a consultancy model, whereby the agency rents career time versus buying entire lifetimes (essentially the National Guard model). DNS’s officer corps will remain career managers, but with frequent real-world tours of duty in technology, industrial, and business fields. This organization will be networked in the extreme, because networks will be what it is all about. This means no separate legal system and the end to posse comitatus restrictions.

Posse Comitatus is the federal law that ended Reconstruction by preventing the military from protecting democracy in the Southern States. The Posse Comitatus Act was the first capitulation of the United States in a War on Terrorism. Barnett, foreseeing a new Global War on Terrorism, realized that it must end if we are to have network security

Stuart Berman of MKD has his own thoughts on network security:

Three years ago, I proposed to our technology architects that we eliminate our network firewalls. Today, we’re close to achieving that goal. Back then, I thought that network-based firewalls were losing their effectiveness, enabling a mind-set that was flawed. Today, I’m certain.

Perimeter security was originally intended to allow us to operate with the confidence that our information and content wouldn’t be stolen or otherwise abused. Instead, the firewall has slowed down application deployment, limiting our choice of applications and increasing our stress.

To make matters worse, we constantly heard that something was safe because it was inside our network. Who thinks that the bad guys are outside the firewall and the good guys are in? A myriad of applications, from Web-based mail to IM to VoIP, can now tunnel through or bypass the firewall. At the same time, new organizational models embrace a variety of visitors, including contractors and partners, into our networks. Nevertheless, the perimeter is still seen as a defense that keeps out bad behavior. Taking that crutch away has forced us to rethink our security model.

Our new security posture gives our users access to more applications regardless of their location and without sacrificing security. The new security architecture isn’t focused on our network firewall. Instead, we embed security within our internal network. This begins with separating our servers from our clients. We can do that now, thanks to layer-3 data center switches that allow for the low-cost creation of subnets. By defining simple ACLs, we further isolate our backend servers.

While Barnett is talking about geopolitical network defense, and Berman is talking about I.T. network defense,both thinkers are analyzing network defenses and both come to the same conclusion: we can no longer trust a border to protect us. In a world where we need to increase “connectivity with the outside world” (in Barnett’s words), trusting a “perimeter” to “keeps out bad behavior” is a “crutch” (Berman’s terms).

Stuart Berman talks about putting “security within our internal network” (emphasis mine). Barnett talks about ending the “traditional notion of military service separate from civilian life.” Same thing.

Turns out my two programs of graduate study, Computer Science and Politican Science, aren’t so different after all.

Computer Science + Political Science = Network Science.

Leave a Reply

Your email address will not be published. Required fields are marked *