Experts: Enterprise architecture key to IT security
- By Doug Beizer
- Dec 08, 2008
Enterprise architecture must be a key part of the strategy used to
protect government computers and networks from cyberattacks, said Ron
Ross, a National Institute of Standards and Technology senior computer
scientist, at the recent Government Technology Research Alliance
symposium in Hershey, Pa.
Ross said he first thought security
would cure all enterprise architecture challenges, but he quickly
learned that idea is flawed, Ross said at the symposium Dec. 7.
I got into actual discussions, I turned my view around to the point to
where I think we can’t be successful as security professionals unless
enterprise architects are successful on their end,” Ross said.
“Enterprise architecture, I believe, is going to drive the ultimate
success of protecting our critical infrastructures.”
for protection grows every day, said Scott Bernard, deputy chief
information officer at the Federal Railroad Administration. Bernard
said combating malware on government computers is similar to fighting a
chronic human sickness.
“I believe that many public- and
private-sector operating environments are infected,” Bernard said. “The
malware is so sophisticated and pervasive that even if you know your
environment is infected, you may still not be able to eradicate it
The latest forms of malware pose serious challenges for chief information officers and chief architects, he said.
this malware allows you to continue operations,” he said. “It just lays
dormant and then pops up to record things. Then it goes back to sleep.
When it pops up again, it expatriates a whole bunch of your
information. That’s the reality of today.”
With just a few Google searches, people can find malware and information, Ross said.
“It used to be hackers were real smart folks, and there weren’t that
many of them,” Ross said. “But now with these downloadable tools, it
has empowered virtually mass numbers of people to do great damage.”
information technology in an undisciplined way contributes to the
security problems, Ross said. Well-architected systems are much easier
to protect, he said.
Security experts need to know how systems work and how they integrate together to protect them, he said.
can’t be forced to look 360 degrees around your systems and expect to
catch everything all the time,” Ross said. “You have to be able to
narrow the focus, and that means using architecture to build leaner and
Doug Beizer is a staff writer for Federal Computer Week.