Network designed for sharing, security
- By Michael Hardy
- Mar 16, 2003
The State Department will get up to $8 million this fiscal year to continue work on a wide-area network intended to allow staff members worldwide to use sensitive or classified information securely.
By using virtual private network (VPN) technology, information stored on secure servers can be encrypted and transmitted over nonsecure lines instead of more expensive dedicated lines. When the users are finished with the data, it is wiped from their computers.
"The 'brain' would be located in a different spot than the actual terminal," said State spokeswoman Mary Swann. "This is a system we've been working on for quite some time." Several prototypes are already being tested, and the new funding will extend the project, she said.
Security is a primary concern for State, especially because American embassies are often targets for terrorists, said Warren Suss, president of Suss Consulting Inc. in Jenkintown, Pa.
The Iranian government took over the American embassy in Tehran in 1979, and al Qaeda terrorists bombed embassies in Kenya and Tanzania in 1998, for example.
"In all those cases, you've had the risk of a terminal being stolen," he said. If the terminal contained secret information, terrorists or hostile governments might gain access to it.
In general, VPN technology is already proven, according to technology analysts. State has to overcome potential challenges though, including slower response times as data is transmitted between the server and the client, and keeping secret not just the data, but its origin and destination, analysts say.
"No matter how reliable a network is, it's not going to be as reliable as a server in the next room. There are enormous trade-offs," Suss said.
Typically, VPNs balance the speed/security trade-off by using weak encryption on data packets — 40- to 60-bit — and much longer encryption codes on the keys that unlock the data, as much as 1,000 bits, said Jonathan Eunice, principal analyst at Illuminata Inc. in Nashua, N.H. The weaker encryption on the data lets it flow quickly, and the long encryption on the keys makes it hard to crack, he said.
In addition, "they keep changing the keys," he said. "Sometimes they change the keys every 30 seconds. If someone breaks into one session, no other session can they break into. It's very, very hard to break keys because you need to see big, long samples of the data in that key."