Eight questions for Sam Nunn

Since Sam Nunn, a former Democratic senator from Georgia, retired from Congress in 1996, he has co-founded the Nuclear Threat Initiative to prevent the use and spread of nuclear, biological and chemical weapons. In addition, he has taught at the Georgia Institute of Technology's international affairs school, which is named after him, and he is chairman of the Center for Strategic and International Studies' board of trustees.

Nunn serves on the boards of major publicly held corporations, including the Coca-Cola Co., Dell Inc. and General Electric Co. He recently became a strategic adviser for Redwood City, Calif.-based Decru Inc., a networked storage security company.

Nunn spoke with Federal Computer Week's Dibya Sarkar about homeland security, information sharing, network security and the international challenges ahead.

FCW: What is your interest in information security?

Nunn: I'm no technical expert. In terms of concepts of security, I have been involved in that for a long time, and I still am, particularly on the information side.

If you look at the overall threats to the United States, they involve a lot of global-type threats including terrorism, but particularly the threat of weapons of mass destruction matched up with terrorism. And the information security side of dealing with protecting our homeland has grown by quantum measures in my view in the last three to four years.

The reason I say that is because the need to share information across, for instance, military services — the Army, Navy, Air Force, Marines and Coast Guard — and the absolute essential requirement of sharing information from agencies such as the CIA and FBI are apparent, and that's one of the huge challenges. In addition to that kind of sharing, which would be your traditional military, law enforcement, intelligence areas, you're also going to have to bring in a lot of other agencies.

Another aspect is biological threats. Partnerships have got to be built across agency lines in our own government and across international lines with other governments and down through the federal government to state and locals to deal with biological threats. Then you take all the agencies that have to work together...such as food protection, agriculture, health protection and the Department of Health and Human Services. These people are now on the front lines of security, yet the information systems don't match, and the confidence of the ability of various agencies to handle this information that has historically been highly classified is certainly not there.

So, if you're the director of the Homeland Security Department and you're seeing all these things, and if you're the president of the United States, you've got to say, "Holy cow! I've got to have people connected up with information now that I've never had before, and I've got to find a way that there is a confidence level on the sharing of information if we're going to break loose and have the kind of cooperation that we need."

The problems that we face are horizontal — and not just within our own government, but also across the ocean. Right now, the formation and structure of government is vertical. So, agencies are vertical, and the problems are horizontal. And that means the ability to communicate with a degree of security relating to information is going to be much, much more important.

Agencies need the ability to store that information in a way that maintains a degree of confidence and a way in which various agencies can have access to it without subjecting highly classified information to thousands and thousands of people. I think that in the governmental sector, the need is overwhelming in terms of information security, and I suspect it extends beyond the government to the private sector in many, many aspects of this, particularly the health care industry.

FCW: You're addressing two problems in information sharing — one technological, the other cultural.

Nunn: Part of it is to be solved by just agency leaders pounding into the people below them that the risk of not sharing exceeds the risk of sharing. But part of it has got to be addressing the latter — the risk of sharing. That's where the technological part comes in.

FCW: Are we moving in that direction?

Nunn: The capability of various agencies to have information security adequately at the federal level varies all over the place. Some are pretty good, others are dismal and lots are halfway in between.

Today, the big issue is that inability to really handle the load we have, but then leaders must realize that the load is going to grow in a sort of staggering way when you look at the increased flow that has to take place among various agencies.

Then, you look at the tremendous explosion of stored data, a lot of which has to be able to be recalled and has to be able to be accessed by a lot more agencies than was the case in the past.

FCW: Have adequate information-

sharing policies been developed?

Nunn: I'm not in government now. My impression is that improvements have been made but not nearly at the pace that we need.

FCW: What will your role with Decru entail?

Nunn: They're not going to call me up and ask me anything about logarithms they need or how to repair the hardware. It will be much more in the broader strokes of governmental policy, international policy, corporate policy and that kind of thing, where I see the trends going.

FCW: There doesn't seem to be a perfect model of how information is stored across government and the private sector. It seems that each needs to learn from the other.

Nunn: I think so. And I know one governmental challenge is what's known as the data classification problem.

In the old days, the file systems allowed you to take information that, if it was put in one file, would be highly classified.

Separated in various component parts, however, none of those parts had to be classified. And having classified information is a lot harder than having unclassified information.

So, with the ability of people to penetrate information systems and put various pieces together, it's going to require, probably, a major review of the classification methods.

An easy way to manage that is to encrypt stored data from the beginning for new data and then go back and encrypt as much of the imported data so that you don't have to go through the whole reclassification system. It's another component that the government's going to have to deal with. I wouldn't say that's the top priority, but the first time you have somebody go in the systems and put a lot of files together, then it will become a hot item.

FCW: What is the top priority at this point?

Nunn: I think maximizing the information sharing and minimizing the security risks of doing this.

FCW: You feel the federal government is not doing this in a cohesive, enterprisewide manner?

Nunn: I think there are better sources than me on that one. I'm not day-to-day involved in government, but I know they have a lot of challenges, One of the challenges for DHS officials will, of course, be getting information across the various agencies. Then, you have to have compatible systems and compatible systems on the agencies' end, and on agency procurement timelines. Those are very hard to put together.

Somebody may be buying equipment one year, and somebody may buy equipment two years later, which is going through its own cycle of improvement. So, it's awfully hard to get compatible systems.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group