DOD adopts COTS wares to protect supercomputers

The Defense Department's high-performance computing program office is finalizing plans for a security policy using commercial hardware and software security products to control access of more than 4,000 users of supercomputers nationwide.

The DOD High-Performance Computing Modernization Program (HPCMP) security policy covers two main areas: preventing unauthorized personnel from accessing supercomputers at various sites and protecting data transmissions between machines at the centers and users' desktop computers.

The program plans to issue in May SecurID cards, from Security Dynamics Technologies Inc., to control access, and it plans to use Kerberos encryption software to encrypt data transmissions, according to a policy statement issued by program officials.

The high-performance computing program promotes the use of supercomputing modeling and simulation to analyze weapons systems before the weapons are designed and developed. It encompasses four large centers, called major shared resource centers, and 13 smaller distributed centers. All of the centers offer high-performance computers and software to users who are linked via high-speed networks.

The majority of the users remotely access the high-performance machines, although this access is controlled through a secure wide-area network, according to a consultant who works with the program.

The policy, which is scheduled to be fully implemented by the end of fiscal 1998, has been in the planning stages for the past two years, said the consultant, who requested anonymity. The policy is not a response to any security breaches to date, but it is intended to be a proactive measure, he said.

"There is a well-known continuing issue with people out there who seem to have a recreational desire to get into various machines," he said.

The SecurID cards, which are about the size of a thick credit card, generate a new single-use password each time an authorized user enters one of the controlled computer systems. While static passwords used for many commercial systems generally change only once every few months, the one-time passwords provided by the cards change every 60 seconds, making it almost impossible for an unauthorized user to capture a password, according to a Security Dynamics official.

Weak passwords— in the form of easy-to-guess words such as a pet or spouse's name— are often the easiest method for hackers and other unauthorized users to gain access to a network, said Dave Power, Security Dynamics' senior vice president of marketing and corporate development.

The SecurID mechanism couples a unique password generated by a server and contained on the card with a personal identification known only to the user, thereby creating a double requirement for user authentication, Power said. Each card will cost $45 to $50, but they are designed to last four years without having to be upgraded.

"It has been our intention to go to SecurID and Kerberos for several years now," said Phil Webster, an HPCMP staff member. "We've always wanted to move away from static passwords so that a user would not have to send a password in the clear over a network. [SecureID is] good for one minute, and once it's been used, it's canceled out."

Kerberos is an independently developed security protocol available for free that will allow user transmissions to be encrypted wherever they are sent over a network.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.