Late in 1992, DARPA contacted one of its contractors, Trusted Information Systems, Incorporated, in Glenwood, MD. TIS had previously, and was at the time, working on DARPA projects, as well as projects for NSA and NIST. DARPA basically wanted to know if anyone at TIS knew anything about Internet Firewalls. Well, it just so happened that both Marcus Ranum and I had recently left DEC for TIS, bringing our experience with the DEC SEAL (Digital Equipment Corporation Secure External Access Link) to TIS.
It seems that the incoming (Clinton) team was used to using laptops and Internet email, and found in the Bush (George H. W.) “IBM Selectric Typewriters.” The question from DARPA was basially, could we propose a way to secure the administration’s laptops and desktops, and could we put the White House on the Internet? (I know this seems quaint now, but Intenet Firewalls were relatively unknown in 1992 except for the handful of places and people actually playing with and developing them.)
A very small team of us drew up the design and achitecture and very small band of programmers coded it (originally 1, Marcus, and then 2-3 others were added). The design for the whole system proposed is in the February 1994 paper, A Network Perimeter With Secure External Access. As with all good research, after it was done the operational customer—the White House—only made use of the firewall gateway.
Reading the above-cited NYT article, I cannot help but think that some of what President-elect Obama wants (I almost wrote “needs”) is able to be done. Organizations like DISA and DARPA know what COTS solutions would be required. But, I suspect that it will never come about. Too much government in the way, I suppose. It is not a technical problem that will require President Obama to hand over his Blackberry®.
Further reading:
- A Short History of Firewalls
- A brief history of the TIS Internet Firewall Toolkit
- A Toolkit and Methods for Building Internet Firewalls
