Information Security News mailing list archives
Dont just complain about security
From: William Knowles <wk () C4I ORG>
Date: Tue, 17 Oct 2000 21:04:05 -0500
http://www.fcw.com/fcw/articles/2000/1016/web-nissc-10-17-00.asp BY Diane Frank 10/17/2000 BALTIMORE Federal agencies must work more closely with industry to get government security needs built into products as they are developed, rather than going to vendors for fixes after the fact, according to public- and private-sector experts. At the National Information Systems Security Conference Monday, Lt. Gen. Michael Hayden, director of the National Security Agency and chief of the Defense Departments Central Security Service, said both the defense and civilian sides of government now run and depend on commercial off-the-shelf software that does not provide the level of security assurance needed by agencies. In order to get the operating systems, applications and security software up to a point where the government feels comfortable, new partnerships must be formed with industry and old partnerships must be deepened, he said. Just as the Air Force is built on cooperation with the aeronautics industry, "the National Security Agency must in fact ultimately be the military expression of the telecommunications and information technology industries," he said. That means not just complaining to industry but working with it on potential improvements, he said. "We need to do a better job of clearly articulating our needs to the vendor community," said William Mehuron, director of the Information Technology Laboratory at the National Institute of Standards and Technology. And it is important that agencies get involved in product development now because next-generation networks are being built, and security must be part of the products from the ground up, said David Farber, the Alfred Fitler Moore Professor of Telecommunications Systems at the University of Pennsylvania. As the new all-optical networks are developed, the computing arena will need to build an entirely new architecture of systems and software to work with those networks, and security will be almost impossible to add after the fact. "This is the opportune time to look forward and architect into these systems the security we need not only for the military side, but more importantly, for the civilian side," Farber said. *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Dont just complain about security William Knowles (Oct 18)