Network security can be compared to the care and feeding of a garden. Perpetual care is necessary in applying all of the security measures (anti-virus software and routinely released "patches") to prevent disasters and to correct network vulnerabilities.
Last year, the computer network that processes border security around the country for the US-VISIT program (WAR Report and WAR Report) suffered a major vulnerability, which led not only to long lines in three major cities but also to officials being forced to process foreign visitors manually or via back-up computers. The incident was a major disaster and an issue that could have been prevented.
Wired Magazine, in an effort to investigate the system failure, obtained six pages of heavily-edited government documents only after an initial FOIA request was rejected and a federal lawsuit was filed against US Customs and Border Protection (CBP). Initial statements from DHS stated that the failure was the result of a computer virus. Later reports from DHS officials reversed initial statements and stated it was a system failure. As a result of the court order, CBP released six pages of heavily-redacted documents.
US-VISIT is comprised of a jumble of archaic mainframes in the backend, and the front end employs the Windows 2000 operating system. The workstations were installed in close to 300 seaports, airports, and border security offices around the country. A schematic of the network system is available here.
According to two reports from CBP, the Internet worm Zotob made its way into agency computers the day of the network breakdown. The incident initiated a fast-paced effort to patch US-VISIT Windows-based workstations around the country. Howard Schmidt, former White House cybersecurity advisor, stated that the incident is typical in a huge agency that uses complex networks and archaic equipment and counters evolving threats. “We’ve got catching-up to do in all areas, particularly areas having to do with national security and public safety,” says Schmidt. “I hope you and I, 10 years from now, look back and say, ‘Wow, I’m glad we survived that.’”
The US-VISIT program has cost taxpayers $400 million. The purpose of the program is to gather biometric information from foreign nationals and compare it to government terrorist watch lists. The program has seen a steady amount of negative comments over management issues (Documents) from congressional auditors, and the DHS Inspector General stated that the program employed system-wide might be susceptible to hackers.
When Microsoft announced the vulnerability in August 2005, it took DHS/CBP almost a week to start pushing the patch to the nearly six-year-old Windows operating systems. The US-VISIT program workstations include fingerprint scanners, digital cameras, and passport scanners, and officials delayed starting the patch due to concerns that it would cause disruptions. “The push was not made to the US-VISIT workstations during the initial install due to concerns with the possible impact of the patch on the unique workstation configurations,” reads one of the CBP reports.
Security experts stated that the officials were not unreasonable in wanting to test the patch before installation. However, hundreds of computers networked to intelligence and law enforcement computers were left with a “critical” vulnerability, allowing attackers to control the machines remotely. When the Zotob virus hit the US-VISIT terminals, personnel scrambled to start installing the patch while, at the same time, computers were failing around the nation from the virus.
The six pages of reports requested by Wired were not let go very easily by DHS. The redacted pages were not specific as to whether the patch caused system shutdowns or about the process involved with the install. For example, one sentence reads, “Initial reports confirmed that the US-VISIT workstations were [redacted] impacted” by the virus. The blacked-out portion might as easily read “severely” as “not.” Other pages showed the public Microsoft security bulletin (MS05-039) with the number blackened out.
But more troubling was that the pages did not show whether the Zotob virus made its way onto the secure CBP network by an obvious path, which would only show that computers used in protecting US borders are accessible from the Internet and open to major compromise and tampering. “That machine was reachable from some network, that was connected to some other network, that was connected to the Internet,” says Tim Mullen, a Windows security expert and CIO of security firm AnchorIS. “There was some series of connections that manifested itself in those machines getting compromised.”
The US-VISIT program is both worthwhile and necessary to protect our borders. But a complete upgrade on equipment system-wide is necessary to bring the technology up to date so these types of issues do not happen again. Antiquated technology only serves as a deterrent from employing an efficient computer network where sensitive information to aid national security is kept safe and secure.