Information Security News mailing list archives

Don't just complain about security


From: William Knowles <wk () C4I ORG>
Date: Tue, 17 Oct 2000 21:04:05 -0500

http://www.fcw.com/fcw/articles/2000/1016/web-nissc-10-17-00.asp

BY Diane Frank
10/17/2000

BALTIMORE - Federal agencies must work more closely with industry to get
government security needs built into products as they are developed,
rather than going to vendors for fixes after the fact, according to
public- and private-sector experts.

At the National Information Systems Security Conference Monday, Lt.
Gen. Michael Hayden, director of the National Security Agency and
chief of the Defense Department's Central Security Service, said both
the defense and civilian sides of government now run and depend on
commercial off-the-shelf software that does not provide the level of
security assurance needed by agencies.

In order to get the operating systems, applications and security
software up to a point where the government feels comfortable, new
partnerships must be formed with industry and old partnerships must be
deepened, he said. Just as the Air Force is built on cooperation with
the aeronautics industry, "the National Security Agency must in fact
ultimately be the military expression of the telecommunications and
information technology industries," he said.

That means not just complaining to industry but working with it on
potential improvements, he said. "We need to do a better job of
clearly articulating our needs to the vendor community," said William
Mehuron, director of the Information Technology Laboratory at the
National Institute of Standards and Technology.

And it is important that agencies get involved in product development
now because next-generation networks are being built, and security
must be part of the products from the ground up, said David Farber,
the Alfred Fitler Moore Professor of Telecommunications Systems at the
University of Pennsylvania. As the new all-optical networks are
developed, the computing arena will need to build an entirely new
architecture of systems and software to work with those networks, and
security will be almost impossible to add after the fact.

"This is the opportune time to look forward and architect into these
systems the security we need not only for the military side, but more
importantly, for the civilian side," Farber said.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com

