Originally published at: https://boingboing.net/2018/06/23/gone-gone-pentagon.html
…
Doesn’t really make sense to me. Doesn’t “air gap” just mean you have no physical connection to the public network? How is this a “cutting-edge security feature?” And as I understand it, this alone is not sufficient to work on classified projects. For a top-secret project you need a whole isolated area with physical as well as technical security measures.
“I do question whether or not that’s useful security.”
Roger That!
I’m no longer an engineer, but I would imagine most systems today are so dependent on internet connectivity that it takes some finesse to build a working system without it.
I’m more interested in the moral question: Is it wrong to participate in any military engineering? Is it better if it’s surveilling citizens, or worse? Is it worse under Trump?
It isn’t in this context and isn’t a real airgap (which is what you describe). It means the customer’s LAN or cloud on Google’s premises is not connected to Google’s larger network and cloud. As the story describes, it’s basically there to make the customer feel special and important.
While there are small security benefits from this setup you could get the same “cutting-edge” security with other measures that don’t cost as much in dollars or efficiency (the former are rounding errors for the military-industrial complex or investment banks, and the latter isn’t much more important to them).
The main benefit from this “airgap” product seems to be a red flag for Google engineers with ethics to identify projects to avoid.
That is the original and obvious meaning, yes. In the snake-oil-rich world of IT security, the term is so ridiculously abused that it doesn’t really mean anything, and the article doesn’t clarify anything by simply referring to “air-gap technology”.
The basic idea, which even procurement decision-makers can understand, is that a computer cannot be hacked over the internet if it doesn’t have a network connection. But a computer without a network connection isn’t very useful (especially if its purpose is to, you know, communicate with clients). But when smart-feeling managers demand an “air gap”, vendors aren’t going to say no, so instead they sell them a firewall, or software that tries to stop people using USB drives, or a robot that unplugs an ethernet cable at night or whatever, and tell them that’s an air gap.
It’s dumb because if you assume that any network of hundreds of computers is reliably “air-gapped”, that’s the very definition of a false sense of security. Besides, there’s a strong argument that even a truly air-gapped computer is not all that secure, because you can’t remotely patch it, or remotely detect that someone’s been downloading its hard disk through a 4G dongle the cleaner plugged in 18 hours ago.
I would bet that Google engineers saw the technical requirements for this “air-gapped” government system as insultingly dumb, and that contributed to them refusing to work on it and being applauded for doing so by Google’s culture.
No, but it also refers to “cloud engineers” so it is fairly safe to assume we aren’t talking about a setup with the likely attacks narrowed down to sneaker net and Lady Gaga CDs.
(Edited to be a more concise statement.)
How does Google work on projects not connected to the Internet, when everything they do is connected to the Internet?
(I’m not really serious. It just seems bizarre.)
I am not familiar with the requirements for this particular project, but given that Google’s primary expertise is analysis of data, and the military has been needing help with that since, oh, forever, the air-gapped system in question is likely a request for Google’s technology in a form that can be implemented in an isolated instance. E.g. a portable disconnected reconnaissance station capable of analyzing drone video feeds in real-time.
These employees certainly faced a dilemma: “do we work on this tech that potentially has a military application and further our careers, or do we stand our ground and risk our careers/future in this industry?”
Kudos to the Group of Nine for standing strong (see anyone who works for ICE or DHS, it can be done).
It’s probably easier for these guys to do it, since techies skew fairly liberal; a bleeding-heart reputation would close some doors but open others. I’m not sure exactly what transferable skills an ICE/DHS agent has, but I wouldn’t be surprised if they’re mostly related to government or security work, where a reputation like that could really hurt.
In this case, it is marketing speak. A traditional air gap is obviously incompatible with cloud computing, so they invented some suite of security practices that they market as air-gapped because that phrase makes certain people (especially military / intelligence types) feel good, but they still want the convenience of having external people manage their IT infrastructure.
In particular, I think “air gap” here means a bunch of stuff like having dedicated hardware and network links within the operator’s data center. These “isolated” clusters would have dedicated independent copies of any internally needed services (say things like DHCP, storage servers, network boot servers, authentication servers, management and monitoring services), and their traffic would be routed through a dedicated front end that then is connected to the customer’s network via some sort of VPN.
These dedicated links are still probably defined by software, at least at the network switch level, using things like VLANs or “software defined networking” to achieve the isolation. And since after traveling through the front end node, the traffic flows on the public internet, it is not actually air gapped. It does reduce the commonalities and attack surfaces somewhat.
That’s an entire sub-discipline of ethics academia you’ve got hold of there. Have a dig into the literature and you’ll find detailed arguments supporting every possible answer to those questions.
Talking to some historians as well might be useful, though.
I used to work with one of Von Braun’s grandkids, BTW. He was a flaming arsehole of a man; took after his grandfather in that respect.
Back to serious, though: see also the history of the Japanese WWII biowar program, and what happened to it post-war.
From Michael Pembroke’s Korea: Where the American Century Began.
People make their lives really matter by taking such ethical positions. The U.S. military certainly doesn’t need help killing more people, especially from some of our brightest engineers. Google makes plenty of money doing good things for society, it doesn’t need to be sullying its reputation by collaborating with the military.
I’m entirely open to the possibility Wernher von Braun was also a flaming arsehole (personality-wise in addition to his working for the Nazis), but as far as I know, being an arsehole isn’t genetic. Lots of acorns manage to fall quite far from the tree, for the better or the worse.
Ever seen this?
The first few minutes are sufficient to get the gist.
I have. I did rather a lot of research on biochemical warfare a couple years ago when I was working on a story extrapolating it into a dystopian future.