DOD adopts COTS wares to protect supercomputers

The Defense Department's high-performance computing program office is finalizing plans for a security policy using commercial hardware and software security products to control access of more than 4,000 users of supercomputers nationwide.

The DOD High-Performance Computing Modernization Program (HPCMP) security policy covers two main areas: preventing unauthorized personnel from accessing supercomputers at various sites and protecting data transmissions between machines at the centers and users' desktop computers.

The program plans to issue in May SecurID cards, from Security Dynamics Technologies Inc., to control access, and it plans to use Kerberos encryption software to encrypt data transmissions, according to a policy statement issued by program officials.

The high-performance computing program promotes the use of supercomputing modeling and simulation to analyze weapons systems before the weapons are designed and developed. It encompasses four large centers, called major shared resource centers, and 13 smaller distributed centers. All of the centers offer high-performance computers and software to users who are linked via high-speed networks.

The majority of the users remotely access the high-performance machines, although this access is controlled through a secure wide-area network, according to a consultant who works with the program.

The policy, which is scheduled to be fully implemented by the end of fiscal 1998, has been in the planning stages for the past two years, said the consultant, who requested anonymity. The policy is not a response to any security breaches to date, but it is intended to be a proactive measure, he said.

"There is a well-known continuing issue with people out there who seem to have a recreational desire to get into various machines," he said.

The SecurID cards, which are about the size of a thick credit card, generate a new single-use password each time an authorized user enters one of the controlled computer systems. While static passwords used for many commercial systems generally change only once every few months, the one-time passwords provided by the cards change every 60 seconds, making it almost impossible for an unauthorized user to capture a password, according to a Security Dynamics official.

Weak passwords— in the form of easy-to-guess words such as a pet or spouse's name— are often the easiest method for hackers and other unauthorized users to gain access to a network, said Dave Power, Security Dynamics' senior vice president of marketing and corporate development.

The SecurID mechanism couples a unique password generated by a server and contained on the card with a personal identification known only to the user, thereby creating a double requirement for user authentication, Power said. Each card will cost $45 to $50, but they are designed to last four years without having to be upgraded.

"It has been our intention to go to SecurID and Kerberos for several years now," said Phil Webster, an HPCMP staff member. "We've always wanted to move away from static passwords so that a user would not have to send a password in the clear over a network. [SecureID is] good for one minute, and once it's been used, it's canceled out."

Kerberos is an independently developed security protocol available for free that will allow user transmissions to be encrypted wherever they are sent over a network.


    sensor network (agsandrew/

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.