DOD adopts COTS wares to protect supercomputers

The Defense Department's high-performance computing program office is finalizing plans for a security policy using commercial hardware and software security products to control access of more than 4,000 users of supercomputers nationwide.

The DOD High-Performance Computing Modernization Program (HPCMP) security policy covers two main areas: preventing unauthorized personnel from accessing supercomputers at various sites and protecting data transmissions between machines at the centers and users' desktop computers.

The program plans to issue in May SecurID cards, from Security Dynamics Technologies Inc., to control access, and it plans to use Kerberos encryption software to encrypt data transmissions, according to a policy statement issued by program officials.

The high-performance computing program promotes the use of supercomputing modeling and simulation to analyze weapons systems before the weapons are designed and developed. It encompasses four large centers, called major shared resource centers, and 13 smaller distributed centers. All of the centers offer high-performance computers and software to users who are linked via high-speed networks.

The majority of the users remotely access the high-performance machines, although this access is controlled through a secure wide-area network, according to a consultant who works with the program.

The policy, which is scheduled to be fully implemented by the end of fiscal 1998, has been in the planning stages for the past two years, said the consultant, who requested anonymity. The policy is not a response to any security breaches to date, but it is intended to be a proactive measure, he said.

"There is a well-known continuing issue with people out there who seem to have a recreational desire to get into various machines," he said.

The SecurID cards, which are about the size of a thick credit card, generate a new single-use password each time an authorized user enters one of the controlled computer systems. While static passwords used for many commercial systems generally change only once every few months, the one-time passwords provided by the cards change every 60 seconds, making it almost impossible for an unauthorized user to capture a password, according to a Security Dynamics official.

Weak passwords— in the form of easy-to-guess words such as a pet or spouse's name— are often the easiest method for hackers and other unauthorized users to gain access to a network, said Dave Power, Security Dynamics' senior vice president of marketing and corporate development.

The SecurID mechanism couples a unique password generated by a server and contained on the card with a personal identification known only to the user, thereby creating a double requirement for user authentication, Power said. Each card will cost $45 to $50, but they are designed to last four years without having to be upgraded.

"It has been our intention to go to SecurID and Kerberos for several years now," said Phil Webster, an HPCMP staff member. "We've always wanted to move away from static passwords so that a user would not have to send a password in the clear over a network. [SecureID is] good for one minute, and once it's been used, it's canceled out."

Kerberos is an independently developed security protocol available for free that will allow user transmissions to be encrypted wherever they are sent over a network.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.