Jul 28 2008

Embarrassing fact: AFCYBER doesn’t protect a lot of Air Force websites

IF YOU TYPE “forces support squadron site:.com” into Google, you’ll notice a slew of Air Force units operating from dot-com domains rather than from USAF’s standard “af.mil” domain.

Let’s start at the top of the Google hits and do a whois on the dot-com domain for Seymour-Johnson AFB.  It reveals a private registration, yet a simple Freedom of Information Act request will tell us everything we wish to know.  A traceroute reveals a commercial ISP hosts this official Air Force website, and this fact raises an embarrassing question — how does AFCYBER protect this Force Support Squadron website from devastating cyber attacks?

Move down the list of Google hits and you find a commercial website for Hill AFB.  A whois reveals it belongs to the 75th Mission Support Group in building #460 on Hill AFB.  A traceroute reveals (you guessed it!) a commercial ISP hosts this official Air Force website.  Again I ask: how does AFCYBER protect this Mission Support Group from devastating cyber attacks?

Moving down the list of Google hits, we find an Air Force unit stationed half a world away at Misawa AB, Japan.  A whois reveals another private registration — the Air Force pays extra for that privilege — and yet a simple Freedom of Information Act request will tell us everything we wish to know.  A traceroute doesn’t give us exactly the details we want, but a quick check of the website’s IP address reveals it belongs to a commercial ISP.

Move down the list of Google hits and … well, you get the hint.

This forces us to ask a very serious question, folks.  If the Air Force (as they so claim) protects the Pentagon from millions of cyber attacks every day — then who protects all of these ISP-run Air Force websites?  The answer is “not the Air Force.”  And that’s embarrassing.

And it forces us to ask an embarrassing philosophical question.  If the Air Force hires ISPs to protect its own cyberspace, then why does the Pentagon need the Air Force to protect them?  Defense Secretary Robert Gates should simply farm it out to GoDaddy.com and be done with it…
