The security champ
- By Heather Harreld
- Jul 19, 1998
Richard Guida returned to his computer science roots three months ago when he took over the post of champion for security of the Government Information Technology Services Board.
Although he spent the last 25 years working in the Navy's nuclear propulsion program, Guida simultaneously earned a bachelor's degree in computer science and a master's degree in nuclear engineering from the Massachusetts Institute of Technology in 1973. Also during his student years, he briefly worked on the fledgling government-sponsored scientific network that would become the Internet.
"I've always had a love of computer science and the beauty of the mathematics that surrounds it," Guida said during an interview from his Treasury Department office. "This opportunity to make a career change was a wonderful opportunity— one that I couldn't pass up."
Guida began his career in the Navy in 1973 as a naval officer assigned to the engineering staff of Adm. Hyman Rickover, known as the father of the Nuclear Navy.
Rickover grew to become the most influential individual in Guida's life— other than his parents— because of the admiral's insistence upon technical excellence, complete dedication to the task at hand and total intellectual honesty and integrity.
Even during his years in nuclear engineering, information technology was never far from Guida's heart. He has three Pentium II computers at home that are wired together, and one of his favorite pastimes is defeating one of the PCs in strategy games. Guida said he does that to "remind myself that the human brain remains supreme over silicon and germanium."
Guida said his highest priority in his new position is to support the administration's goal of promoting the use of the Internet to conduct government business among federal agencies and the public, contractors and other governments. Guida said those goals cannot be achieved unless he promotes the security practices necessary to create an environment in which all parties feel comfortable using electronic transactions. A key component of the plan will be the development of a governmentwide, interoperable public-key infrastructure (PKI), he said.
A PKI is a framework of policies and rules for using digital signatures to authenticate an individual's identity and ensure data is not altered during transmission. Guida will be leading the effort to build a Bridge Certification Authority, a centralized organization to distribute digital signatures and ensure interoperability among various agencies.
"I want to make sure that we provide the fundamental building blocks needed for these electronic transactions to occur," he said. "If I can promote interest, then I have a situation where agencies that don't yet have a PKI will find it attractive to have one. And those who do have [a PKI] will find it attractive to grow it."
To encourage the use of electronic transactions, the government will face the difficult challenge of welding together the stovepipe systems in federal agencies— not dismantling or cutting through them, Guida said. This will require getting senior managers at agencies to recognize that interoperable solutions can benefit them more than agency-specific ones, albeit at the price of some autonomy, he said.
While noting that security has not received enough attention in the federal government, Guida said that may be due to a lack of resources. He said federal agencies fall into three groups: those that have been publicly humiliated by a security incident and have moved to fix the problems; those that have learned from the mistakes of others and dedicated resources to beefing up computer security; and those that have not had publicized incidents yet still have not dedicated adequate resources to security.
Guida said his greatest accolades go to agencies that fall into the second group, and he plans to focus the majority of his attention on the agencies that fall into the third category.
"Each agency has to have its own epiphany," he said. "Sometimes that epiphany comes in the form of a slap across the head. Once they've had their epiphany, they seem to subscribe to the need to do things right."
Guida said several workplace habits will help him accomplish his agenda. First, he said he will ensure that technical solutions are properly developed and comply with legal requirements such as those dealing with security and privacy. In addition, he will strive to ensure the participation of affected and interested parties within agencies and outside the government. Finally, he said he will place a high priority on correctly handling the public outreach and public affairs aspects of his work.
However, he describes his guiding principal as inclusiveness. "I believe that in order to make progress, you have to listen to other people," he said. "You have to respect their positions, and you have to deal with their positions."