Experts: Enterprise architecture key to IT security

Enterprise architecture must be a key part of the strategy used to protect government computers and networks from cyberattacks, said Ron Ross, a National Institute of Standards and Technology senior computer scientist, at the recent Government Technology Research Alliance symposium in Hershey, Pa.

Ross said he first thought security would cure all enterprise architecture challenges, but he quickly learned that idea is flawed, Ross said at the symposium Dec. 7.

“When I got into actual discussions, I turned my view around to the point to where I think we can’t be successful as security professionals unless enterprise architects are successful on their end,” Ross said. “Enterprise architecture, I believe, is going to drive the ultimate success of protecting our critical infrastructures.”

The need for protection grows every day, said Scott Bernard, deputy chief information officer at the Federal Railroad Administration. Bernard said combating malware on government computers is similar to fighting a chronic human sickness.

“I believe that many public- and private-sector operating environments are infected,” Bernard said. “The malware is so sophisticated and pervasive that even if you know your environment is infected, you may still not be able to eradicate it completely.”

The latest forms of malware pose serious challenges for chief information officers and chief architects, he said.

“Because this malware allows you to continue operations,” he said. “It just lays dormant and then pops up to record things. Then it goes back to sleep. When it pops up again, it expatriates a whole bunch of your information. That’s the reality of today.”

With just a few Google searches, people can find malware and information, Ross said.

“It used to be hackers were real smart folks, and there weren’t that many of them,” Ross said. “But now with these downloadable tools, it has empowered virtually mass numbers of people to do great damage.”

Deploying information technology in an undisciplined way contributes to the security problems, Ross said. Well-architected systems are much easier to protect, he said.

Security experts need to know how systems work and how they integrate together to protect them, he said.

"You can’t be forced to look 360 degrees around your systems and expect to catch everything all the time,” Ross said. “You have to be able to narrow the focus, and that means using architecture to build leaner and meaner systems.”

About the Author

Doug Beizer is a staff writer for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.