Information Security News mailing list archives

Air Force seeks better security from Microsoft


From: InfoSec News <isn () c4i org>
Date: Tue, 12 Mar 2002 00:38:49 -0600 (CST)

Forwarded from: William Knowles <wk () c4i org>

http://www.usatoday.com/life/cyber/tech/2002/03/11/gilligan.htm

03/10/2002 - Updated 11:19 PM ET  
By Byron Acohido, USA TODAY
 
SEATTLE - A top U.S. Air Force official has warned Microsoft to
dramatically improve the security of its software or risk losing the
Air Force as a customer. In an interview, Air Force chief information
officer John Gilligan revealed he has met with senior Microsoft
executives to tell them the Air Force is "raising the bar on our level
of expectation" for secure software.

Since being named Air Force CIO in November, Gilligan, who controls a
$6 billion-a-year technology budget, also has met with executives from
Cisco Systems and delivered a similar message at a handful of industry
forums. "We just can't afford the exposures, and so those who give us
better solutions, that's where we're going to put our business,"  
Gilligan says.

Gilligan, former Energy Department CIO, has discussed security most
often with executives at Microsoft. "They are the biggest supplier to
the Air Force, and my attempt has been to encourage them to set an
example," he says.

Reacting to rising criticism from the Air Force and others, Microsoft
Chairman Bill Gates in mid-January issued a directive making security
the software giant's No. 1 priority.

Gates directed 7,000 programmers to spend February scouring the
Windows operating system for openings hackers might exploit to steal
data or shut down systems.

"This is what our customers expect and demand," says Steve Lipner,
Microsoft's director of security assurance. "Message received. We're
working night and day on security."

Two years ago, the Love Bug virus "ran rampant" through the Air
Force's e-mail system, which runs on Microsoft Exchange software, says
Michael Erbschloe, vice president of research at Computer Economics
and author of two books on computer security.

The Love Bug caused an estimated $8 billion in damages to computer
systems worldwide. Last year, the Code Red virus and Nimda worm,
designed to attack Microsoft Internet Information Server software,
wrought an estimated $5 billion in damages.

Experts now worry that a cyberattack could knock out power, water,
transportation and communication systems.

"The military and the government don't really have too much choice at
this point except to start to put pressure on Microsoft and others to
improve software security," Erbschloe says.

Gilligan blames software makers for historically delivering products
with "relatively low-level quality" under the assumption that
customers would tolerate fixes to come later.

Changing that pattern won't come easy, he says. "This is not a matter
of just one day issuing a policy within a company that says we're
going to now pay more attention to security," he says.

"There are going to have to be some very specific and significant
investments made in changing processes for the future."



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*
