Expert: Feds, industry must team to fight vulnerabilities

Government and industry must cooperate to keep new vulnerabilities from entering computer systems, an information security expert recommends.

Collaboration is essential to keep new weaknesses from spreading and make the Herculean task of finding all the malicious software already out there more manageable, said Alan Paller, director of research at the SANS Institute, a training and education organization for security professionals.

“The big, untold story about federal computers is the number of systems that have already been penetrated,” Paller said. Unknown amounts of malicious software is observing federal data and copying and sending it to unauthorized users, he said.

The good news is that the Air Force is leading the way toward a solution to manage the changing threat landscape, Paller said. Fed up with buying vulnerable Microsoft software and the company’s delays in security patching, the Air Force is working with Microsoft to develop a more secure version of Windows and other software.

This partnership heralds the future, Paller said. The government, leading by example, invests its money to help industry develop secure systems for government use. Those fortified systems will eventually reach the consumer market.

The institute released its latest update to its 20 Most Critical Internet Security Vulnerabilities in 2005 report on Nov. 22.

Ten of the vulnerabilities were in cross-platform applications installed on millions of systems, including backup software, antivirus software, database software and media players. Three affected network operating systems that control routers, switches and other devices that form the Internet’s backbone. All 13 appeared as critical threats for the first time in the past year.

The move from server-side attacks to client-side attacks in 2005 has given cybercriminals a tremendous advantage in their attacks on government and industry, Paller said. Most client applications are not updated automatically with security patches, leaving large swathes of critical data unprotected.

Featured

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2021 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

Stay Connected