Army security expert emphasizes vigilance and training

[InfoSec News <isn () c4i org>]

http://www.gcn.com/vol1_no1/daily-updates/18327-1.html

By Patricia Daukantas 
GCN Staff
04/03/02 

A computer scientist from the National Infrastructure Protection
Center yesterday urged agency officials to return to the basics of
security and guard against cyberattacks by IT insiders.

Robert M. Wright, on loan to NIPC's Special Technology Application
Unit from the Army, said today's insiders are the people who are
allowed onto an agency's network. Such insiders bring in tools ranging
from hard drives the size of key chains to anonymous remailers,
steganography - hiding messages within digital images - peer-to-peer
applications, and infrared and radio wireless devices.

Speaking at the National High-Performance Computing and Communications
Council's annual conference in Newport, R.I., Wright emphasized the
need to investigate the so-called key holders - subcontractors and
service providers who haven't undergone the same level of background
checking as prime contractors.

Finally, agencies should provide continual training in and enforcement
of security policies and procedures, even if they seem obvious. Wright
likened this to the hundreds of hours that football players spend
doing basic drills at training camp.

"The idea is repetition, and the pro football players know it," Wright
said. "That's how you get good at it."

"If most people would take and employ the technology we have today,
most of the intrusions wouldn't take place," Wright said. Criminals
generally will give up on a well-protected system and find an easier
system to hack. The conference continues through Thursday.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.