Feds' security role may yield business benefits

[William Knowles <wk () C4I ORG>]

http://www.infoworld.com/articles/hn/xml/00/10/16/001016hnnist.xml

Monday, Oct. 16, 2000 11:17 am PT
By Jennifer Jones

BALTIMORE -- GARNERING low marks on IT security efforts and realizing
that many of the nation's most sensitive networks are now situated in
the private sector, the federal government more than ever is drumming
up security-related partnerships with Corporate America.

Here at the National Information Systems Security Conference running
through Oct. 19, high-level officials pounded on government IT product
buyers to push harder on vendors for increased security features in
commercial products.

National Security Agency Director Lieutenant General Michael Hayden
likened the evolving IT security relationship between government and
industry to the interaction between the nation's airline industry and
the U.S. Air Force.

Where the Air Force has led the way and come to symbolize the pinnacle
of the nation's aviation industry, so must the federal government
become the "security expression" of private industry, he said.

Hayden was one of three keynote speakers at the conference, which is
sponsored by the Department of Commerce's National Institute of
Standards and Technology (NIST).

Hayden said specifically that he sees an increased role in government
efforts to evaluate commercial products on their security features.

NSA will also work more closely with industry on product development,
because the NSA's mission is to help find products with stringent
enough security measures to meet the needs of the Defense Department.

NSA works with NIST, which has a similar commitment to civilian
agencies.

The director of NIST's IT Laboratory, William Mehuron, said
commercially available products continue to come up short on security
measures government users need.

"Much of the software now available has not had security as a priority
and we are now going through a tremendous catch-up game," he said.

But Mehuron held government officials partially to blame for that
shortfall.

"Too many times in the past, there have been concerted efforts among
vendors to come up with products that have strong security, only to
have those vendors dismayed by users who were then not willing to pay
increased prices for those products or put up with the systems
degradation issues that come along with them," he said.

David Farber, CTO of the Federal Communications Commission, then urged
government and private industry alike to plan more security measures
into systems now before even more changes due to wash over the
networking industry.

"It is going to be very, very difficult to design security into
systems after the fact. This is an opportune time to architect
security into systems," said Farber, who is also a professor at the
University of Pennsylvania.

Recent studies such as a report released Monday by the ITAA
Information Technology Association of America (ITAA) are in part
driving government systems administrators' need to step up security
measures.

Arlington, Va.-based ITAA found that about 51 percent of Americans are
more worried about government security efforts in the wake of
high-profile lapses such as those at the Los Alamos National
Laboratory.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".