Don't just complain about security

By Diane Frank
Oct 17, 2000

Related Links

"GSA splits security, contracting"

BALTIMORE — Federal agencies must work more closely with industry to get

government security needs built into products as they are developed, rather

than going to vendors for fixes after the fact, according to public- and

private-sector experts.

At the National Information Systems Security Conference Monday, Lt.

Gen. Michael Hayden, director of the National Security Agency and chief

of the Defense Department's Central Security Service, said both the defense

and civilian sides of government now run and depend on commercial off-the-shelf

software that does not provide the level of security assurance needed by

agencies.

In order to get the operating systems, applications and security software

up to a point where the government feels comfortable, new partnerships must

be formed with industry and old partnerships must be deepened, he said.

Just as the Air Force is built on cooperation with the aeronautics industry,

"the National Security Agency must in fact ultimately be the military expression

of the telecommunications and information technology industries," he said.

That means not just complaining to industry but working with it on potential

improvements, he said. "We need to do a better job of clearly articulating

our needs to the vendor community," said William Mehuron, director of the

Information Technology Laboratory at the National Institute of Standards

and Technology.

And it is important that agencies get involved in product development

now because next-generation networks are being built, and security must

be part of the products from the ground up, said David Farber, the Alfred

Fitler Moore Professor of Telecommunications Systems at the University of

Pennsylvania. As the new all-optical networks are developed, the computing

arena will need to build an entirely new architecture of systems and software

to work with those networks, and security will be almost impossible to add

after the fact.

"This is the opportune time to look forward and architect into these

systems the security we need not only for the military side, but more importantly,

for the civilian side," Farber said.

E-Mail this page

Printable Format

Featured

Open Gov

Key open gov deadline nears with no public action

Can stakeholders and activists take this White House at its word that it is sincerely interested in advancing open data and open government policy?
Government Innovation Awards

Congratulations to the 2018 Rising Stars

These early-career leaders already are having an outsized impact on government IT.
Cybersecurity

Microsoft targets copycat influence websites

Microsoft went to court to take down websites it believes to be part of a foreign intelligence operation targeting conservative think tanks and the U.S. Senate.

Advanced Search

Stay Connected

FCW Update

Sign up for our newsletter.

Email Address

Country

Terms and Privacy Policy consent

Yes, I agree No, I don't agree

Select primary job function

Select agency/branch/business type

I agree to this site's Privacy Policy.

Don't just complain about security

Related Links

Featured

Key open gov deadline nears with no public action

Congratulations to the 2018 Rising Stars

Microsoft targets copycat influence websites

Stay Connected

FCW Update

New from FCW

DOD DepSec weighs in on Space Force

DOD's new cyber strategy stresses election security, embraces commercial IT

Botnet bandits drop dimes on cybercrimes

How the Energy Dept. is operationalizing emergency response

Air Force rolls out PEO Digital

FAA drone tracker launches nationwide

FCW Insider: Sept. 19

What federal job automation looks like

Botnet bandits drop dimes on cybercrimes

DOD's new cyber strategy stresses election security, embraces commercial IT

FAA drone tracker launches nationwide

DHS' Mosley headed to FDIC

Barriers to effective insider threat monitoring

MSPB inches closer to addressing massive backlog

Congratulations to the 2018 Rising Stars