Federal government falls short in Cybersecurity.More than 90 percent of all successful attacks on Defense Department computer systems are based on vulnerabilities that already are known, said a top National Security Agency official. "A system left un-patched soon becomes a target, like an unlocked sports car with the keys in the ignition," said Daniel Wolf, director of information assurance at the National Security Agency. Eliminating computer system vulnerabilities also should be a high priority, but the government is a long way from achieving that goal, he said. Speaking before the House Select Committee on Homeland Security's Subcommittee on Cybersecurity, Science and Research and Development, Wolf said that improving the way software is written would eliminate vulnerabilities. Computer operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. also must have the ability to defend themselves from attack, he said. An automated patch management The installation of patches from a software vendor onto an organization's computers. Patching thousands of PCs and servers is a major issue. A patch should be applied to test machines first before deployment, and the testing environments must represent all the users' PCs with their unique system would keep government computers continually updated with the latest protection, he added. The NSA NSA abbr. National Security Agency Noun 1. NSA - the United States cryptologic organization that coordinates and directs highly specialized activities to protect United States information systems and to produce foreign is working on a $3 billion program called Cryptographic Modernization that would allow a computer system to modify itself on-the-fly, said Wolf. Research also is needed to "build cybersecurity systems that can continue to operate even while under attack," he said. The Defense Advanced Research Projects Agency Defense Advanced Research Projects Agency (DARPA), U.S. government agency administered by the Department of Defense (see Defense, United States Department of). is looking at these kinds of systems, said Wolf. "I believe that the highest payoff for optimizing cybersecurity is the creation of an interoperable authentication system The combination of authentication server and authenticator, which may be separate devices or both reside in the same unit such as an access point or network access server. The authentication server contains a database of user names, passwords and policies, and the authenticator physically deployed widely throughout the federal, national security, first responder first responder First response personnel Emergency medicine A person employed in the public sector–EMT, fire fighter, police, volunteer EMS–whose duties include provision of immediate medical care in the event of an emergency; FRs have basic emergency and critical infrastructure community," he said. It would be similar to a system the NSA and the Defense Information Systems Agency built for the Department of Defense, Wolf said. With this system in place, the Department of Homeland Security Noun 1. Department of Homeland Security - the federal department that administers all matters relating to homeland security Homeland Security executive department - a federal department in the executive branch of the government of the United States would be able to know who is accessing information or uploading reports, he said. "It is also important to note here that most critical infrastructures, like a [public key infrastructure system], should be built using U.S. technology," said Wolf. "I have concerns with foreign software of unknown trust and quality being integrated into critical U.S. systems." Another measure for cybersecurity the government needs to initiate includes effective protection to safeguard cyber (1) From "cybernetics," it is a prefix attached to everyday words to add a computer, electronic or online connotation. The term is similar to "virtual," but the latter is used more frequently. See virtual. borders, said Wolf. That means having systems with firewalls that create a barrier between the government's protected network and the Internet, and encrypted tunnels that protect information as it moves between secure networks. The government also should install a cyber intrusion detection system This article is about the computing term. For other uses, see Burglar alarm. An intrusion detection system (IDS) generally detects unwanted manipulations of computer systems, mainly through the Internet. to monitor the flow of information and to detect suspicious activity. "The technology alone [never will] be good enough to protect us because, ultimately, getting cybersecurity right is more about what you do than what you buy," said Wolf. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion