FCW, the leader in providing news and analysis to the federal information technology community
News
This Week's News


Special Reports
Seat Management
Top 10 Computer Systems
Peacekeeping in the Pacific
Federal 100
Federal Nets
Virtual Government


IT Focus
CIOs
IT Contracts Database
IT Shops
Procurement


Search
By Keyword
By Issue Date


Networks
Agenda
Jobs
Peer Groups
Training


Test Center
Take the Tour


Contacts
Reporters
Subscriptionsweb.gif
Directions
Media Information










logo.jpg

civic.com

Government CIO Summit


FCW Test Center



idgnet_yellow.gif

   
Advertisement. Click Here.


Federal Computer Week

MAY 5, 1999 . . . 16:25 EDT

DOD taking steps to secure secret network further

BY DANIEL VERTON ([email protected])

SALT LAKE CITY -- Looking to protect its classified information network from internal security threats, the Defense Department is considering a new policy that will limit strictly network users' access to information.

DOD uses the Secret Internet Protocol Routing Network, or SIPRNET, as a secure intranet for sharing information classified as secret. Though SIPRNET provides no direct connections to the Internet, some DOD officials worry that giving personnel access to too much information could pose a security risk. The new policy would create "communities of interest" within the network, in which users would have access only to information required by their work.

"You don't want to give anybody access to all of your [organization's] information," said Richard Hale, an information assurance engineering executive with the Defense Information Systems Agency. "We are concerned that 500,000 of our closest friends are looking at our secrets," said Hale, referring to the approximate number of government personnel who have access to some sort of classified information.

Speaking at the Software Technology Conference here, Hale said senior DOD officials are expected to brief Deputy Secretary of Defense John Hamre today on the possibility of including the new policy as part of DOD's overall public-key infrastructure security initiative.

PKI solutions combine encryption, digital certificates and other technologies to authenticate a user's identity and to ensure that data and transactions are not tampered with during transmission over the Internet. DOD announced plans last month to use PKI solutions to secure both internal and external communications.

But PKI "doesn't solve anything itself," said Hale. Rather, because many of today's commercial security products "are not that good," DOD needs to devise a common set of policies governing both access and standards, he said.

In addition, Hale said the department needs to address the "hodgepodge" of Internet connections and protection policies that make up the DOD security architecture and process, which he described as "just a mess." As a solution, Hale recommended formulating a set of standard policies that spell out what type of information will be allowed to enter and leave DOD networks.

Hale said the modern way of dealing with adversaries, whether cyber-based or otherwise, remains "essentially unchanged" since the construction of the Great Wall of China, when nations erected stone embankments to protect their citizens against invading forces. "I do not think this can continue if we're really going to be serious about fighting wars using [COTS systems]," he said.

bar.gifMail questions to [email protected]
Copyright 1999 FCW Government Technology Group