Experts: Enterprise architecture key to IT security

Enterprise architecture must be a key part of the strategy used to protect government computers and networks from cyberattacks, said Ron Ross, a National Institute of Standards and Technology senior computer scientist, at the recent Government Technology Research Alliance symposium in Hershey, Pa.

Ross said he first thought security would cure all enterprise architecture challenges, but he quickly learned that idea is flawed, Ross said at the symposium Dec. 7.

“When I got into actual discussions, I turned my view around to the point to where I think we can’t be successful as security professionals unless enterprise architects are successful on their end,” Ross said. “Enterprise architecture, I believe, is going to drive the ultimate success of protecting our critical infrastructures.”

The need for protection grows every day, said Scott Bernard, deputy chief information officer at the Federal Railroad Administration. Bernard said combating malware on government computers is similar to fighting a chronic human sickness.

“I believe that many public- and private-sector operating environments are infected,” Bernard said. “The malware is so sophisticated and pervasive that even if you know your environment is infected, you may still not be able to eradicate it completely.”

The latest forms of malware pose serious challenges for chief information officers and chief architects, he said.

“Because this malware allows you to continue operations,” he said. “It just lays dormant and then pops up to record things. Then it goes back to sleep. When it pops up again, it expatriates a whole bunch of your information. That’s the reality of today.”

With just a few Google searches, people can find malware and information, Ross said.

“It used to be hackers were real smart folks, and there weren’t that many of them,” Ross said. “But now with these downloadable tools, it has empowered virtually mass numbers of people to do great damage.”

Deploying information technology in an undisciplined way contributes to the security problems, Ross said. Well-architected systems are much easier to protect, he said.

Security experts need to know how systems work and how they integrate together to protect them, he said.

"You can’t be forced to look 360 degrees around your systems and expect to catch everything all the time,” Ross said. “You have to be able to narrow the focus, and that means using architecture to build leaner and meaner systems.”

About the Author

Doug Beizer is a staff writer for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.