Letters to the Editor
Contracting with Big Brother?
I would like to share some thoughts with anyone likely to be affected
by the pending Navy/Marine Corps Intranet (N/MCI) contract ["Navy adjusts
terms of intranet deal," FCW, April 17].
I wonder if the implications of N/MCI have been thought through well
enough. For one thing, if we entrust the whole e-mail system to a contractor,
we will be giving it the ability to view all government e-mail. It only
takes a knowledgeable system administrator with access to the Microsoft
Exchange service account password to do this.
Since the contractor would be charged with providing this service, they
would have to have the password to set it up. So the only way to protect
the government's e-mail would be to literally escort the contractor any
time they accessed an exchange server.
Speaking of security, the other issue here is that Microsoft Exchange
is designed to be centrally managed from a remote Exchange server. You see
the can of worms we are opening here. I hope this has been addressed, for
we will literally be handing a contractor the "keys to the kingdom."
Further, should there be any problems with the contract, the Navy will
be at the mercy of the contractor.
It is my understanding that with the N/MCI contract, we would also be
entrusting the contractor with the Secure Internet Protocol Router Network.
This idea is even more alarming. Are we going to entrust the Navy's security
to a contractor? It will be absolutely essential that the Navy and Marine
Corps have on their staff a team of highly trained computer security experts
to oversee this contract.
As a government employee, I feel it would be personally irresponsible of
me not to speak up. I am hoping these issues have been addressed, but I
am not willing to make that assumption. This is just too important.
The N/MCI contract is descending upon us at breakneck speed, yet I do
not know anyone, locally, who has actually been briefed on the rationale
behind this contract. One would think that with any endeavor of this magnitude
we would have been hearing about it for at least a year or more.
Since the publication of the book "1984," we have all been aware of
the concept of "Big Brother." But are we prepared for it to be a contractor?
It is food for thought.
James E. Trever
Naval Warfare Assessment Station
Cherry Point, N.C.
Arguing the business case
The path to every federal employee having a truly personal computer
would be offering a strong business case ["A vision for e-government,"
FCW, April 10].
This would be a more aggressive approach and would yield a more analytical
outcome. A business case would identify the priority order in which personal
computers would be acquired. It would cut across programs and agencies and
result in computer investments with the greatest returns to a deserving
Probably, it would increase the likelihood of the e-government vision
becoming a reality. Without a business case, the more compelling "e-worker"
benefits to the public could be lost.
Business Systems Management
Plugging the security holes
I read with interest the article on security ["Scanning for security
holes," Federal Computer Week Securing Electronic Government Supplement,
April 10], and in particular the "Calling in hired guns" sidebar.
As you rightly point out, the shortfall in security expertise has indeed
opened the door, not just for large commercial organizations that provide
security services as a part of their larger IT services product line, but
also for smaller companies like mine that specialize solely in security
My company, Mainstay Enterprises Inc., is a small, woman-owned business
specializing in information and physical and personnel security services.
It is one of the "guns" now helping the Federal Aviation Administration
meet Presidential Decision Directive 63 requirements.
In particular, we are assisting in Security Risk Assessment/Risk Remediation
Planning for critical information systems within the Office of Certification
and Regulation and the Office of the Assistant Administrator for Financial
Services. We are also spearheading the development of a standardized, automated
methodology for Security Risk Assessment utilizing a "toolbox" of commercial
off-the-shelf products for the Information Systems Security Program Office
of Air Traffic Service.
We believe that although the use of outside contractors (hired guns)
to help plug the security gap makes short-term sense, agencies such as the
FAA must also take action to increase their own internal capabilities. In
fact, FAA is moving aggressively to do so, both through the training of
existing staff and in the selective hiring of security personnel.
To assist in this, Mainstay has developed and is implementing a process
that rapidly and cost-effectively identifies potential risks to a system's
assets and assesses high-level security counter- measures required to reduce
those risks to an acceptable level. Key to this process is a series of security
workshops in which FAA System Owners become partners in the risk assessment
process for their systems and hence build a greater sense of security awareness
and "buy-in" among themselves and their staff as the work progresses. In
this way, both goals are achieved.
Vice President for Operations
Mainstay Enterprises Inc.