Security means keeping the system up

CAMBRIDGE, Md. — When it comes to technological security, officials should shift their focus from guarding with the latest features to ensuring that critical processes keep running in the face of attacks, an expert said this week.

"We've spent a lot of effort in building interconnected systems, but not a lot of effort in how to secure those systems and ensure continuance of critical operations," said Tim Shimeall of Carnegie Mellon University's CERT Analysis Center.

Shimeall spoke Wednesday at the Interagency Resources Management Conference 2003 in Cambridge, Md.

Security officials previously focused on how to protect one machine or a single system, Shimeall said. But as networks expand, boundaries blur and more agencies are using interoperable and connected systems.

"As we involve more and more organizations, we step back from this centralized control, Shimeall said. "We need to consider that our network isn't limited. The network we care about is more than the network we own."

Information technology personnel should stop viewing networks purely as centrally-managed, independent entities, Shimeall said. The growth of the Internet has led to complex connections, which can make systems vulnerable, he said.

Attacks on government networks can have far-reaching effects on the public, such as exposing private information, and e-government initiatives are relying more and more on the Internet, Shimeall said. As a result, building a security wall to protect networks isn't good enough anymore, since hackers will go around it, Shimeall said. Instead, agencies need to identify what operations matter to an organization and determine how they can maintain these processes even during an ongoing attack.

"The number one thing you can do is first shift your thinking," Shimeall said. "Number two is ask the right questions and listen to the answers."

Featured

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.