As Always, .gov and .mil Fight the Last War

The latest SANS Newsbites happily reports on a FCW article titled OMB likes Air Force's patch strategy. The US Office of Management and Budget's Karen Evans reportedly likes the US Air Force's plans to "deliver standardized and securely configured Microsoft software throughout the service." Brig. Gen. Ronnie Hawkins, director of communications operations in the Air Force's Office of the Deputy Chief of Staff for Installation and Logistics, says "We'll decide which configurations will be acceptable in the Air Force... We'll then implement these configurations and then lock the desktops down."

This should have been done ten years ago when I was using Windows for Workgroups 3.11 as an Air Force lieutenant. This approach is fighting the last war, since it relies on running hundreds of thousands of personal computers with general purpose operating systems. All of these systems will still need applications installed, and those apps and the OS will have to be patched, updated, etc.

Instead of running PCs, .mil and .gov should adopt centrally managed thin clients. (No, I do not work for Sun, nor do I receive any compensation for pushing their Sun Rays!) Instead of wasting time shoring up a flawed PC-centric computing model, the military and government should run screaming away from Windows on PCs and embrace thin clients. I don't mean run an embedded Windows-based client either, like the Wyse terminals.

Expect to see more on Sun's thin clients as I deploy them here in my network operations center.

Comments

Anonymous said…
This is interesting. Keep us posted. Which applications will you be using in the NOC? Would a regular MS Office user be mortified to hear that a company will be switching to Sun Rays? Like to know why you didn't pick Wyse. Pros and cons of Wyse and Sun Rays?
Justin S. said…
Possibly dumb question:

Why do you draw the sharp distinction between technology like the Sun Ray and WYSE terminals. What is the underlying difference between the two architectures that makes one advisable and the other not?
Anonymous said…
There's a reason why thin clients died years ago and the entire industry went away from the main frame model of network architecture, especially in the military. It's not about making the job easier for some computer guy somewhere but about being able to do job with a useful tool. Trying to maintain connectivity with some remote computer operations center somewhere in the midst of a battle from someplace with no remaining infrastructure is something that no war-fighter wants to consider. Carrying a bunch of dumb terminals along and waiting for the geeks to connect you up so you can do your mission is never going to be a workable solution for mobile operations.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics