DOD adopts COTS wares to protect supercomputers

The Defense Department's high-performance computing program office is finalizing plans for a security policy that uses commercial hardware and software security products to control access by more than 4,000 users of supercomputers nationwide.

The DOD High-Performance Computing Modernization Program (HPCMP) security policy covers two main areas: preventing unauthorized personnel from accessing supercomputers at various sites and protecting data transmissions between machines at the centers and users' desktop computers.

The program plans to issue SecurID cards, from Security Dynamics Technologies Inc., in May to control access, and it plans to use Kerberos encryption software to encrypt data transmissions, according to a policy statement issued by program officials.

The high-performance computing program promotes the use of supercomputing modeling and simulation to analyze weapons systems before the weapons are designed and developed. It encompasses four large centers, called major shared resource centers, and 13 smaller distributed centers. All of the centers offer high-performance computers and software to users who are linked via high-speed networks.

The majority of the users remotely access the high-performance machines, although this access is controlled through a secure wide-area network, according to a consultant who works with the program.

The policy, which is scheduled to be fully implemented by the end of fiscal 1998, has been in the planning stages for the past two years, said the consultant, who requested anonymity. The policy is not a response to any security breaches to date, but it is intended to be a proactive measure, he said.

"There is a well-known continuing issue with people out there who seem to have a recreational desire to get into various machines," he said.

The SecurID cards, which are about the size of a thick credit card, generate a new single-use password each time an authorized user enters one of the controlled computer systems. While static passwords used for many commercial systems generally change only once every few months, the one-time passwords provided by the cards change every 60 seconds, making it almost impossible for an unauthorized user to capture a password, according to a Security Dynamics official.

Weak passwords, in the form of easy-to-guess words such as a pet's or spouse's name, are often the easiest method for hackers and other unauthorized users to gain access to a network, said Dave Power, Security Dynamics' senior vice president of marketing and corporate development.

The SecurID mechanism couples a unique password generated by a server and contained on the card with a personal identification known only to the user, thereby creating a double requirement for user authentication, Power said. Each card will cost $45 to $50, but they are designed to last four years without having to be upgraded.

"It has been our intention to go to SecurID and Kerberos for several years now," said Phil Webster, an HPCMP staff member. "We've always wanted to move away from static passwords so that a user would not have to send a password in the clear over a network. [SecurID is] good for one minute, and once it's been used, it's canceled out."

Kerberos is an independently developed security protocol available for free that will allow user transmissions to be encrypted wherever they are sent over a network.

