Eight questions for Sam Nunn
- By Dibya Sarkar
- Jun 21, 2004
Since Sam Nunn, a former Democratic senator from Georgia, retired from Congress in 1996, he has co-founded the Nuclear Threat Initiative to prevent the use and spread of nuclear, biological and chemical weapons. In addition, he has taught at the Georgia Institute of Technology's international affairs school, which is named after him, and he is chairman of the Center for Strategic and International Studies' board of trustees.
Nunn serves on the boards of major publicly held corporations, including the Coca-Cola Co., Dell Inc. and General Electric Co. He recently became a strategic adviser for Redwood City, Calif.-based Decru Inc., a networked storage security company.
Nunn spoke with Federal Computer Week's Dibya Sarkar about homeland security, information sharing, network security and the international challenges ahead.
FCW: What is your interest in information security?
Nunn: I'm no technical expert. In terms of concepts of security, I have been involved in that for a long time, and I still am, particularly on the information side.
If you look at the overall threats to the United States, they involve a lot of global-type threats including terrorism, but particularly the threat of weapons of mass destruction matched up with terrorism. And the information security side of dealing with protecting our homeland has grown by quantum measures in my view in the last three to four years.
The reason I say that is because the need to share information across, for instance, military services — the Army, Navy, Air Force, Marines and Coast Guard — and the absolute essential requirement of sharing information from agencies such as the CIA and FBI are apparent, and that's one of the huge challenges. In addition to that kind of sharing, which would be your traditional military, law enforcement, intelligence areas, you're also going to have to bring in a lot of other agencies.
Another aspect is biological threats. Partnerships have got to be built across agency lines in our own government and across international lines with other governments and down through the federal government to state and locals to deal with biological threats. Then you take all the agencies that have to work together...such as food protection, agriculture, health protection and the Department of Health and Human Services. These people are now on the front lines of security, yet the information systems don't match, and the confidence of the ability of various agencies to handle this information that has historically been highly classified is certainly not there.
So, if you're the director of the Homeland Security Department and you're seeing all these things, and if you're the president of the United States, you've got to say, "Holy cow! I've got to have people connected up with information now that I've never had before, and I've got to find a way that there is a confidence level on the sharing of information if we're going to break loose and have the kind of cooperation that we need."
The problems that we face are horizontal — and not just within our own government, but also across the ocean. Right now, the formation and structure of government is vertical. So, agencies are vertical, and the problems are horizontal. And that means the ability to communicate with a degree of security relating to information is going to be much, much more important.
Agencies need the ability to store that information in a way that maintains a degree of confidence and a way in which various agencies can have access to it without subjecting highly classified information to thousands and thousands of people. I think that in the governmental sector, the need is overwhelming in terms of information security, and I suspect it extends beyond the government to the private sector in many, many aspects of this, particularly the health care industry.
FCW: You're addressing two problems in information sharing — one technological, the other cultural.
Nunn: Part of it is to be solved by just agency leaders pounding into the people below them that the risk of not sharing exceeds the risk of sharing. But part of it has got to be addressing the latter — the risk of sharing. That's where the technological part comes in.
FCW: Are we moving in that direction?
Nunn: The capability of various agencies to have information security adequately at the federal level varies all over the place. Some are pretty good, others are dismal and lots are halfway in between.
Today, the big issue is that inability to really handle the load we have, but then leaders must realize that the load is going to grow in a sort of staggering way when you look at the increased flow that has to take place among various agencies.
Then, you look at the tremendous explosion of stored data, a lot of which has to be able to be recalled and has to be able to be accessed by a lot more agencies than was the case in the past.
FCW: Have adequate information-
sharing policies been developed?
Nunn: I'm not in government now. My impression is that improvements have been made but not nearly at the pace that we need.
FCW: What will your role with Decru entail?
Nunn: They're not going to call me up and ask me anything about logarithms they need or how to repair the hardware. It will be much more in the broader strokes of governmental policy, international policy, corporate policy and that kind of thing, where I see the trends going.
FCW: There doesn't seem to be a perfect model of how information is stored across government and the private sector. It seems that each needs to learn from the other.
Nunn: I think so. And I know one governmental challenge is what's known as the data classification problem.
In the old days, the file systems allowed you to take information that, if it was put in one file, would be highly classified.
Separated in various component parts, however, none of those parts had to be classified. And having classified information is a lot harder than having unclassified information.
So, with the ability of people to penetrate information systems and put various pieces together, it's going to require, probably, a major review of the classification methods.
An easy way to manage that is to encrypt stored data from the beginning for new data and then go back and encrypt as much of the imported data so that you don't have to go through the whole reclassification system. It's another component that the government's going to have to deal with. I wouldn't say that's the top priority, but the first time you have somebody go in the systems and put a lot of files together, then it will become a hot item.
FCW: What is the top priority at this point?
Nunn: I think maximizing the information sharing and minimizing the security risks of doing this.
FCW: You feel the federal government is not doing this in a cohesive, enterprisewide manner?
Nunn: I think there are better sources than me on that one. I'm not day-to-day involved in government, but I know they have a lot of challenges, One of the challenges for DHS officials will, of course, be getting information across the various agencies. Then, you have to have compatible systems and compatible systems on the agencies' end, and on agency procurement timelines. Those are very hard to put together.
Somebody may be buying equipment one year, and somebody may buy equipment two years later, which is going through its own cycle of improvement. So, it's awfully hard to get compatible systems.