Letters to the Editor

Contracting with Big Brother?

I would like to share some thoughts with anyone likely to be affected by the pending Navy/Marine Corps Intranet (N/MCI) contract ["Navy adjusts terms of intranet deal," FCW, April 17].

I wonder if the implications of N/MCI have been thought through well enough. For one thing, if we entrust the whole e-mail system to a contractor, we will be giving it the ability to view all government e-mail. It only takes a knowledgeable system administrator with access to the Microsoft Exchange service account password to do this.

Since the contractor would be charged with providing this service, they would have to have the password to set it up. So the only way to protect the government's e-mail would be to literally escort the contractor any time they accessed an exchange server.

Speaking of security, the other issue here is that Microsoft Exchange is designed to be centrally managed from a remote Exchange server. You see the can of worms we are opening here. I hope this has been addressed, for we will literally be handing a contractor the "keys to the kingdom."

Further, should there be any problems with the contract, the Navy will be at the mercy of the contractor.

It is my understanding that with the N/MCI contract, we would also be entrusting the contractor with the Secure Internet Protocol Router Network. This idea is even more alarming. Are we going to entrust the Navy's security to a contractor? It will be absolutely essential that the Navy and Marine Corps have on their staff a team of highly trained computer security experts to oversee this contract. As a government employee, I feel it would be personally irresponsible of me not to speak up. I am hoping these issues have been addressed, but I am not willing to make that assumption. This is just too important.

The N/MCI contract is descending upon us at breakneck speed, yet I do not know anyone, locally, who has actually been briefed on the rationale behind this contract. One would think that with any endeavor of this magnitude we would have been hearing about it for at least a year or more.

Since the publication of the book "1984," we have all been aware of the concept of "Big Brother." But are we prepared for it to be a contractor? It is food for thought.

James E. Trever

System Administrator

Naval Warfare Assessment Station

Cherry Point, N.C.

Arguing the business case

The path to every federal employee having a truly personal computer would be offering a strong business case ["A vision for e-government," FCW, April 10].

This would be a more aggressive approach and would yield a more analytical outcome. A business case would identify the priority order in which personal computers would be acquired. It would cut across programs and agencies and result in computer investments with the greatest returns to a deserving public.

Probably, it would increase the likelihood of the e-government vision becoming a reality. Without a business case, the more compelling "e-worker" benefits to the public could be lost.

Marv Gordon

President

Business Systems Management

Plugging the security holes

I read with interest the article on security ["Scanning for security holes," Federal Computer Week Securing Electronic Government Supplement, April 10], and in particular the "Calling in hired guns" sidebar.

As you rightly point out, the shortfall in security expertise has indeed opened the door, not just for large commercial organizations that provide security services as a part of their larger IT services product line, but also for smaller companies like mine that specialize solely in security services.

My company, Mainstay Enterprises Inc., is a small, woman-owned business specializing in information and physical and personnel security services. It is one of the "guns" now helping the Federal Aviation Administration meet Presidential Decision Directive 63 requirements.

In particular, we are assisting in Security Risk Assessment/Risk Remediation Planning for critical information systems within the Office of Certification and Regulation and the Office of the Assistant Administrator for Financial Services. We are also spearheading the development of a standardized, automated methodology for Security Risk Assessment utilizing a "toolbox" of commercial off-the-shelf products for the Information Systems Security Program Office of Air Traffic Service.

We believe that although the use of outside contractors (hired guns) to help plug the security gap makes short-term sense, agencies such as the FAA must also take action to increase their own internal capabilities. In fact, FAA is moving aggressively to do so, both through the training of existing staff and in the selective hiring of security personnel.

To assist in this, Mainstay has developed and is implementing a process that rapidly and cost-effectively identifies potential risks to a system's assets and assesses high-level security counter- measures required to reduce those risks to an acceptable level. Key to this process is a series of security workshops in which FAA System Owners become partners in the risk assessment process for their systems and hence build a greater sense of security awareness and "buy-in" among themselves and their staff as the work progresses. In this way, both goals are achieved.

Barry Bendel

Vice President for Operations

Mainstay Enterprises Inc.

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.