Experts: Enterprise architecture key to IT security

Enterprise architecture must be a key part of the strategy used to protect government computers and networks from cyberattacks, said Ron Ross, a National Institute of Standards and Technology senior computer scientist, at the recent Government Technology Research Alliance symposium in Hershey, Pa.

Ross said he first thought security would cure all enterprise architecture challenges, but he quickly learned that idea is flawed, Ross said at the symposium Dec. 7.

“When I got into actual discussions, I turned my view around to the point to where I think we can’t be successful as security professionals unless enterprise architects are successful on their end,” Ross said. “Enterprise architecture, I believe, is going to drive the ultimate success of protecting our critical infrastructures.”

The need for protection grows every day, said Scott Bernard, deputy chief information officer at the Federal Railroad Administration. Bernard said combating malware on government computers is similar to fighting a chronic human sickness.

“I believe that many public- and private-sector operating environments are infected,” Bernard said. “The malware is so sophisticated and pervasive that even if you know your environment is infected, you may still not be able to eradicate it completely.”

The latest forms of malware pose serious challenges for chief information officers and chief architects, he said.

“Because this malware allows you to continue operations,” he said. “It just lays dormant and then pops up to record things. Then it goes back to sleep. When it pops up again, it expatriates a whole bunch of your information. That’s the reality of today.”

With just a few Google searches, people can find malware and information, Ross said.

“It used to be hackers were real smart folks, and there weren’t that many of them,” Ross said. “But now with these downloadable tools, it has empowered virtually mass numbers of people to do great damage.”

Deploying information technology in an undisciplined way contributes to the security problems, Ross said. Well-architected systems are much easier to protect, he said.

Security experts need to know how systems work and how they integrate together to protect them, he said.

"You can’t be forced to look 360 degrees around your systems and expect to catch everything all the time,” Ross said. “You have to be able to narrow the focus, and that means using architecture to build leaner and meaner systems.”

About the Author

Doug Beizer is a staff writer for Federal Computer Week.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.