GovNet ideas don't come cheaply
GovNet ideas don't come cheaply<@VM>Clarke unveils security strategies
- By William Jackson
- Dec 07, 2001
'Encryption is not enough,' cybersecurity adviser Richard Clarke says.
Presidential cybersecurity adviser Richard A. Clarke's October request for information for a secure GovNet intranet has drawn more than 160 vendor responses, including some warnings about the costs of a secure network.
The proposals will undergo scrutiny by a 16-agency evaluation team put together by the General Services Administration. The Software Engineering Institute at Carnegie Mellon University also will evaluate them.
The White House will have both sets of evaluations by February. 'Based on the analysis of the responses, we will determine the next steps,' Clarke said.
Industry officials said the idea of GovNet had been discussed for several months before Sept. 11, but the terrorist attacks made it more urgent.
Clarke said some government functions, such as air traffic control, manned space flight, disaster relief and law enforcement, are vital enough to warrant an isolated, air-gapped network.
'Encryption is not enough,' he said. 'I am also concerned with minimizing service outages caused by distributed denial-of-service attacks.'
The RFI suggested that GovNet would be a private voice and data network unconnected to public networks and impervious to outside assault. It would have encryption and commercial-grade voice service provided by commercial carriers.
Industry observers said the degree of security envisioned is possible, but at a price.
The RFI mentioned the abundance of unused network capacity that could minimize the cost of new construction for GovNet. But fiber-optic cabling is only one element in what would be a complex system.
'I think it is possible to have a highly secure network that would make intrusion very difficult,' said Anthony G. D'Agata, vice president and general manager of Sprint Corp.'s government systems unit. 'That has a cost element to it. You also limit scalability and interoperability.'
James F.X. Payne, senior vice president for government markets at Qwest Communications International Inc. of Denver, said the cost might be a bigger barrier than the technology.
'This is a low-cost, minimum-spec town, and GovNet doesn't fit that profile,' Payne said.
If agencies that pay $1 for a network service are offered the same thing with higher security for $1.80, 'don't count on them coming up with the 80 cents,' Payne said.
A White House official said response to the RFI showed industry confidence that the money would be forthcoming. Since Sept. 11, there has been a consensus that such a secure network is necessary and high on the priority list for funding, he said.
Sprint submitted four GovNet alternatives with varying levels of security, usability, scalability and cost.
'They fluctuate significantly depending on the security you are seeking,' D'Agata said. The alternatives are based on existing technology, but emerging technology also is possible, he said.
'In times of war you get great leaps forward in technology,' Qwest's Payne said, 'and we are at war.'
Stan Fleming, vice president of government operations for CloudShield Technologies Inc. of San Jose, Calif., said the evaluators must 'look at next-generation technology, to keep it from being obsolete by the time it is implemented.'Packet protection
CloudShield's optical packet processor examines 100 percent of every packet at optical speeds. It will undergo beta testing in February and be in production by around April, Fleming said.
'We'll be coming to market about the time they are trying to figure out what to do with GovNet,' he said.
Government officials have said GovNet is not intended for all government traffic and that agencies will continue to use public networks.
Payne said, however, that many agency applications could leave current networks such as those supplied by the FTS 2001 contractors, making GovNet a threat to them.
But D'Agata of Sprint, one of the FTS 2001 contractors, said that is unlikely.
'I think it would have minimal impact' on current networks, he said. Most FTS 2001 traffic is administrative and directed to the outside world, and it would not fit the profile for GovNet use, D'Agata said.A national center for infrastructure simulation and analysis will begin operations by next month, presidential cybersecurity adviser Richard A. Clarke said last week. Soon to follow will be a cyberwarning intelligence network linking large government and commercial network operations centers.
Clarke announced the two plans at the Global Tech Summit hosted in Washington by the Business Software Alliance. He said they are part of the administration's effort to foster closer public-private collaboration and to cement a national cybersecurity strategy within the next few months.
The infrastructure simulation center will tackle one of the thorniest security puzzles: how components interoperate on even simple networks. The center would model interrelated infrastructures including the Internet, telephone networks and power grids to see what effect incidents on one have on the others.
Clarke also said President Bush supports a bill introduced by Sen. Robert Bennett (R-Utah) to amend the Freedom of Information Act to protect information shared by companies with the government.