Case Study 1: The Brazilian Federal Data Processing Service
CIS 512 – Advanced Computer Architecture
In the following case study, we will discuss the ethical issues, as well as the internal architectural model, of the Brazilian Federal Data Processing Service. The study is based on the decision of the Brazilian government to sever all ties with the US after finding out that the NSA had been intercepting government communications. By conducting this case study, we will cover the following learning outcomes: (1) analyze the types of organizational and computer architectures for integrating systems and (2) develop an enterprise architecture plan to address and solve a proposed business ethical problem. The document referenced throughout the study is titled “Brazil to fortify government email system following NSA snooping revelations.”
In a nutshell, what the Brazilian Federal Data Processing Service is proposing is to install new hardware to bypass United States internet services and at the same time reduce the country’s dependence on U.S. services. The Serviço Federal de Processamento de Dados (SERPRO) is a private company owned by the Brazilian government with the mandate of providing networking services for information technologies to government agencies in Brazil. The Brazilian federal agency has both the manpower and the expertise to take on such a task and is a member of internationally known organizations that should back it up on this project. Because the idea of developing the infrastructure is not far-fetched, we need to determine if there are grounds that will support such a bold move.
The reason for the proposed changes is that, according to some of the NSA documents that Edward Snowden exposed, the Brazilian government found out that the NSA, and by assumption the United States, was eavesdropping on and monitoring email communications from Brazilian agencies. Now the question stands: was this an unethical move by the NSA? The truth is that wiretapping has enabled the government to reach past borders to protect its citizens like never imagined before, but is it ethical?
Those in favor of wiretapping and eavesdropping state that the United States Constitution gives the president all the power to protect the country against any nation, and they base these assumptions on the laws that safeguard the citizens of the United States. Such laws are the Authorization for Use of Military Force (AUMF); the USA-Patriot Act; the Foreign Intelligence Surveillance Act (FISA); the Homeland Security Act 2002; and the Protect America Act. All these laws protect American citizens from foreign countries and, in my opinion, are not unethical. The fact that Brazil was using US internet services at that point does support the legality of the intercepted communication. With that said, if Brazil wants to untie itself from US surveillance, and they wish to do this on their own without using any US services, then I don’t object to the effort they are putting in to do so. The fact that something is not illegal, or unethical, doesn’t mean that someone who doesn’t want to be put in that position could not do everything in their power to distance themselves from it.
The fact that the NSA was able to snoop on the Brazilian federal email communications reveals that there were, in fact, deficiencies, and they should not have waited for something of this nature to happen before taking action to fix them. As with anything that has to do with security and confidentiality, one must not remain at a stalemate. The fact that something has not happened or has not been detected does not mean that we as security professionals, especially in the government area, should not be constantly monitoring for breaches or possible threats. In the government arena, all measures have to be more sensitive, and extra importance has to be assigned to the efficiency and reliability of the following components:
- Firewalls: both hardware and software firewalls
- Email scanning software: both inbound and outbound communications
- Drive scanning: this will confirm that no external agents that could be a threat to the system are present before or after the communication.
If the Brazilian government had been more diligent in beefing up security and keeping on top of their measures, they might have detected anomalies. In my opinion, the fact that they had to find out about it from a third party puts in perspective how unprepared and unaware they were.
Quality of Proposed Architecture
According to the case study, what Brazil is proposing is a series of steps that will potentially keep all communication from being tied to any US internet services. Some of the proposed plans are:
- Opening local data centers that would be subject to the country’s privacy laws
- Removing sensitive data from the cloud and storing it locally
- Creating a BRICS cable connecting to the eastern Russian city of Vladivostok through a series of cables running through South Africa and Asia.
Since Brazil wants to take such extreme measures as to sever all ties with the US, the architecture proposed does not seem impossible, and it is well within the possible scenarios, both architecturally and economically, for SERPRO to implement. It does provide useful techniques that will solve some of the problems initially and will set the ground for a more secure system. If I were to suggest two other measures that the Brazilian agency should implement, they would be the following:
- Encrypting all communications, especially those most sensitive to interception: this extra step will help them secure the communications, and even if a message gets intercepted, the fact that it is encrypted will reduce the possibility of it being read or deciphered.
- Firewalls, firewalls, and more firewalls: I am a firm believer that you cannot have enough firewalls protecting sensitive information. The more difficult you make it for someone to get to the wanted information, the more protected it will be. Firewalls will prevent undesirable communication from going outside.
Previous Breaches and Similar Scenarios
Government organizations and federal intelligence agencies are more prone to cyber-attacks than any other organization. The storage of confidential and sensitive government data makes them a prime target for hackers who are looking to gain personal value or even “street cred” in the hacker world. Since the United States is seen as the most powerful nation in the world, it is very likely that it also guards the biggest and most valuable secrets. Hence the popularization of hacker heroes like Edward Snowden. Since the US government is comprised of a conglomerate of government agencies, they face attacks and cyberattacks on a daily basis.
Take for example the National Nuclear Security Administration (NNSA). According to its officials, “the computer systems of the agency in charge of America’s nuclear weapons stockpile are ‘under constant attack’ and face millions of hacking attempts daily”. After a successful attack in April 2011, internet access for workers at the lab was disconnected following the breach. This measure is called air gapping: a security measure that involves isolating a computer or network and preventing it from establishing an external connection. Even though this might seem to be an extreme measure, it is not enough; even secure systems have vulnerabilities that can be exploited, and security measures are still needed.
Brunner, E. (2010). Brazil. In J. Voeller (Ed.), Wiley Handbook of science and technology for homeland security. Hoboken, NJ, USA: Wiley. Retrieved from http://libdatab.strayer.edu/login?url=http://search.credoreference.com/content/entry/wileysths/brazil/0
Constantin, L. (2013, October 14). Brazil to fortify government email system following NSA snooping revelations. Retrieved from Network World: http://www.networkworld.com/article/2170810/security/brazil-to-fortify-government-email-system-following-nsa-snooping-revelations.html
Haughn, M. (2015, November). Air Gapping. Retrieved from WhatIs Network security Glossary: http://whatis.techtarget.com/definition/air-gapping
Koebler, J. (2012, March 20). U.S. Nukes Face Up to 10 Million Cyber Attacks Daily. Retrieved from USNews: http://www.usnews.com/news/articles/2012/03/20/us-nukes-face-up-to-10-million-cyber-attacks-daily
Mullikin, A., & Rahman, S. M. (2010, November). The Ethical Dilemma of the USA Government Wiretapping. International Journal of Managing Information Technology (IJMIT), 2(4), 32-39. Retrieved from http://airccse.org/journal/ijmit/papers/1110ijmit03.pdf
Neagle, C. (2013, September 18). Brazil’s ban on U.S. Internet services may prove futile. Retrieved from Network World: http://www.networkworld.com/article/2170935/lan-wan/brazil-s-ban-on-u-s–internet-services-may-prove-futile.html