$400 million network upgrade for the Pentagon

Before now, I haven't seen any verifiable statements about how the
networking infrastructure in the Pentagon was affected by the attacks
last year. Not to diminish the loss of life, which was tragic, but
networking people might be interested in this.

Building a survivable network in such a small area, relatively speaking the
Pentagon is small, is a much harder problem than diversity on a regional
or even national network.

http://www.fcw.com/fcw/articles/2002/0812/news-dod-08-12-02.asp

  "Among the problems DOD encountered Sept. 11 was a computing environment
  with many points of failure -- applications or databases that, if
  removed, could not be recovered and critical network links that, if
  down, could not be worked around.

  DOD officials have said that the terrorist attacks were a dramatic
  wake-up call. The attacks severed one of the Pentagon's main
  communications lines and destroyed some Army and Navy servers."

Building a survivable network in such a small area, relatively speaking the
Pentagon is small, is a much harder problem than diversity on a regional
or even national network.

  Keep in mind that it was DARPA that funded the original research on what we now call the Internet. There are plenty of clueless morons in the building (the one with four sides and a spare), but there are also some exceptionally sharp people.

http://www.fcw.com/fcw/articles/2002/0812/news-dod-08-12-02.asp

   "Among the problems DOD encountered Sept. 11 was a computing environment
   with many points of failure -- applications or databases that, if
   removed, could not be recovered and critical network links that, if
   down, could not be worked around.

  Perhaps true for the unclassified systems. But then they're not really that critical to the real day-to-day operations. Moreover, where the plane struck is not the side where the majority of this kind of networking is done.

  I worked there for about five years. I know where a lot of the unclassified networking was done, and I know where a fair amount of the classified processing was done. The classified areas were not in any danger from the airplane attack.

The Department of Defense does possess a lot of "network disorganization"
mostly on the NIPERNET side.

     A lot of the NIPERNET "unclassified" network is just plain unruly at
its best (I left the military in 2000, so maybe things have changed). Any
shop with their ADP or IT staff can practically get a server up and running,
build intranets, databases, etc. without practically anyone raising an
eyebrow, this is at the command level.
     A lot of these systems are non-redundant, and pose single points of
failures, etc, but again this is at the command level.
     After moving along the ranks, from a lowly seaman recruit running AUI,
cat V, and fiber cabling on an aircraft carrier, to a Third Class Petty
Officer stationed at The Unified Atlantic Region Network Operations Center
in Norfolk, VA. I learned that this is not the case for Mission Critical
systems, or for the SIPERNET "classified network".
      As Brad also stated the same.
      All I can say is this, and any ex-RM can say the same (Well RM's are
extinct now they are IT), I never worked in a building that had any windows,
and that could not stand a very good shaking, that is, if it wasn't
underground in the first place.

Gerardo

> Building a survivable network in such a small area, relatively speaking the
> Pentagon is small, is a much harder problem than diversity on a regional
> or even national network.

  Keep in mind that it was DARPA that funded the original research
on what we now call the Internet. There are plenty of clueless
morons in the building (the one with four sides and a spare), but
there are also some exceptionally sharp people.

It's not a matter of having smart people. Distance offers protection
against many risks. The closer you put two critical systems to each
other (e.g. in the same building) the higher the risk a single
catastrophe (or system engineer) will impact both of them. Of course
there are limits to diversity, earth is a single point of failure for
the foreseeable future.

  Perhaps true for the unclassified systems. But then they're not
really that critical to the real day-to-day operations. Moreover,
where the plane struck is not the side where the majority of this
kind of networking is done.

I have no idea how many or where the cable entrance facilities are
located or how major cables are routed through the Pentagon. Demarcs are
sometimes located in the darndest places a long way away from where you
might do your work. It might even make sense to put an alternate
building entrance facility not on the side where the majority of the
networking was done.

In any case, classification level is orthogonal to quality.

The Department of Defense does possess a lot of "network disorganization"
mostly on the NIPERNET side.

  You mean NIPRnet, right?

      A lot of the NIPERNET "unclassified" network is just plain unruly at
its best (I left the military in 2000, so maybe things have changed).

  I was the DISA.MIL Technical POC until I left in 1995, and I am the guy who convinced the SIPRnet and NIPRnet administrators to go with DNS for doing hostname resolution (instead of HOSTS.TXT files), as well as using real IP address space issued by ARIN, instead of just randomly fabricating some network space (in the event that the networks were ever connected to the live Internet, some point in the distant future). I'm also the guy who turned back to ARIN a few Class A, B, and a number of Class C network ranges that we were no longer using.

Any shop with their ADP or IT staff can practically get a server up and running,
build intranets, databases, etc. without practically anyone raising an
eyebrow, this is at the command level.

  Yup.

      A lot of these systems are non-redundant, and pose single points of
failures, etc, but again this is at the command level.

  True enough. But then these aren't mission-critical systems like WWMCCS or GCCS.

      After moving along the ranks, from a lowly seaman recruit running AUI,
cat V, and fiber cabling on an aircraft carrier, to a Third Class Petty
Officer stationed at The Unified Atlantic Region Network Operations Center
in Norfolk, VA. I learned that this is not the case for Mission Critical
systems, or for the SIPERNET "classified network".

  Yup.

       As Brad also stated the same.
       All I can say is this, and any ex-RM can say the same (Well RM's are
extinct now they are IT), I never worked in a building that had any windows,
and that could not stand a very good shaking, that is, if it wasn't
underground in the first place.

  The Pentagon has windows. It also has an ancient system of air pipes aimed at all of the windows, where at a central location they play a radio or otherwise generate sound waves that are then distributed via the air pipes, thus preventing anyone from aiming a laser at the window and being able to bug the office.

  Of course, if you're not a flag officer (or equivalent), or you don't work for a flag officer (or equivalent), you won't get any windows. Myself, I worked in the basement, and I walked over a mile each way to go from where I got off the metro, past the concourse between corridors 1 & 10, down to my office on the mezzanine level, on the F ring, between corridors 6 & 7.

I have no idea how many or where the cable entrance facilities are
located or how major cables are routed through the Pentagon.

  True enough. Neither do I.

It might even make sense to put an alternate
building entrance facility not on the side where the majority of the
networking was done.

  In terms of primary human entrances, they are found on four of the five sides of the building. The fifth side is where the helipad is located.

  Moreover, the networking is done all over the building, although I presume that there are some areas of concentration around the NMCC, and certain other facilities.

  In terms of network facilities, I'm sure that they have multiple redundant entrances all around the building. The question is how far away from the building do they then converge, so that you once again have a SPOF.

Brad Knowles:
  The Pentagon has windows. It also has an ancient system of air
pipes aimed at all of the windows...

<paranoia>

Is this sensitive info? Couldn't someone (theoretically) aim a
"beam" at an unoccupied office and another at their objective
office then filter out the 'noise'?

</paranoia>

Sorry for the O.T.

Actually, I don't know for sure how it's implemented. They may have separate sound streams for each window. Moreover, this was a few years ago (I left in 1995), and there may have been changes since then. It would certainly be a lot easier to use individual speakers fed by electrical wiring, than pumping a lot of air around from a central location.

Even easier is to glue a piezoelectric transducer to the glass and feed
it some noise modulated to look like speech from a gadget which may cost
an entire $30 in parts. Detecting IR laser emissions and sounding an alarm is
also a good idea :)

--vadim

Blake Fithen wrote:

Brad Knowles:
The Pentagon has windows. It also has an ancient system of air pipes aimed at all of the windows...

<paranoia>

Is this sensitive info?

Given that I saw this on the History Channel the other night, I'd say no. :)

"fold back" systems like Bose noise cancelling headsets depend on the
microphones being adjacent to each other. The further apart they are the
more difficult it becomes to "sync" the noise. A digital delay helps but
at some point of source divergence even it won't help.

Of course these measures are designed for inadvertent release of
information. Anyone with a window shouldn't be discussing things worth
eavesdropping on anyway. But in the real world...hence the air pipes.

Not that I would know anything about this sort of thing... ;0

Best regards,

As I recall and definitely don't quote me on this:) but there are also
grids of wires in the walls which release broadspectrum noise electronic
noise for jamming small transmitters. But only in certain rooms. It
also strikes me that the Pentagon is not going to have many interesting
conversations in there not nearly as interesting as some other locations
I won't list here.

Scott

Perhaps they have perfected the Cone of Silence?

http://www.cinerhama.com/getsmart/innovations.html

- Dan

One of the lessons we were taught in our security briefings was that just because something was publicly discussed somewhere (e.g., on a television show or in the newspaper) does not automatically make the information unclassified.

  I personally know of classified data that has been leaked and published in print, and that's about all I'll say on that particular subject.

  However, with respect to the windows and the masking system, I have not been told that this information is classified or sensitive.

As I recall and definitely don't quote me on this:) but there are also
grids of wires in the walls which release broadspectrum noise electronic
noise for jamming small transmitters.

  I'm sure that they have all sorts of methods. On the other hand, cellphones make devilishly difficult "bugs" to eliminate, especially the ones that are capable of automatically answering the call and activating the microphone without any audible ring. You can't just block all cellphones, because many people carry pagers that work on the same frequencies, and many people carry cellphones that they depend on.

It also strikes me that the Pentagon is not going to have many interesting
conversations in there not nearly as interesting as some other locations
I won't list here.

  Oh, I don't know. There are the briefing rooms with direct links to the White House and other facilities. There's the NMCC itself, as well as the OSD-CC (which had even tighter security than I ever saw in the NMCC).

  During Desert Shield/Desert Storm, the Chairman of the Joint Chiefs had a regularly scheduled morning briefing every day, and it always started right on time and occasionally ran a little over.

  Since I'm sure that the Chairman still has an office in the building, there are probably similar things that continue to occur today.

  OTOH, there are definitely other places that probably have much more sensitive conversations that frequently go on.

  One of the lessons we were taught in our security briefings was
that just because something was publicly discussed somewhere (e.g.,
on a television show or in the newspaper) does not automatically make
the information unclassified.

It works the other way too. I've found things I write in public about
Internet outages have a habit of ending up in places you need clearance.
Someday it would be nice if I could read what I wrote.

Scroll down this page:
http://www.ncs.gov/n5_hp/Customer_Service/XAffairs/NewService/2000-063.htm

The NCS gets the information the same way as everyone else. They
subscribe to NANOG.

To bring this on topic:

How would ISPs feel about officially contributing to NCS's efforts on
tracking Internet outages? Would you be willing to subscribe the NCS
to your customer outage notification lists?

  I personally know of classified data that has been leaked and
published in print, and that's about all I'll say on that particular
subject.

Last I heard, the Department of Energy library still considers the
February 1979 issue of "The Progressive" magazine classified. You might
find it in some public libraries.
http://www.law.umkc.edu/faculty/projects/ftrials/conlaw/progressive.html

Which begs the question, does it being classified still matter if it has been
openly published? And can you get in trouble for distributing it further?

"The Progressive" didn't think so. While the DOE successfully got an
injunction forbidding them from publishing "The H-Bomb Secret: How we got
it- why we're telling it", the information was printed elsewhere later in
the year, so The Progressive went to press with the article in their
November 1979 edition.

See:
    http://www.progressive.org/pdf/1179.pdf
    http://www.shepherd-express.com/shepherd/20/09/headlines/cover_story.html

Temporarily mirrored at:
    https://www.die.net/tmp/9c88d4cc4922f7b5f2da46a30aabdcd8.pdf/1179.pdf

                                    -- Aaron

Actually, yes you do block all cell phones and transmissions in these
facilities. I'm not sure if you have ever been in one but having cell
phone access is simply not a concern. Neither is much open
communication. They are, however, smaller locked-down rooms; you would
never lock down the entire Pentagon that way. I read earlier a point
about buffer zones or distance between the building and outside world
and this is quite common. Many times as well these external areas contain
electronic countermeasures. Classified environments are very different
and have an entirely different set of requirements.

Better than this:) Does anyone remember when a diligent tech at Sprint
sent an FCC notification about an outage in the fine state of NV when a
certain set of DS3's and OC3's went offline from a circuit breaker trip.
I wish I could find it to quote but it went something like...

A faulty breaker caused several DS3's to go offline including service to
the military installation area51 and s4.

This was posted on the fcc.gov site for at least 2 or three days that I
can recall. :)

On Wed, 14 Aug 2002, Sean Donelan wrote:

http://www.fcc.gov/Bureaus/Engineering_Technology/Filings/Network_Outage/1999/reports/99-228.pdf