Code blue for MLS
A "brain-dead idea." That's what retired Air Force General Carl O'Berry
called it. He was referring to multilevel security.
MLS perhaps isn't brain-dead. But it has been frustratingly out of reach of the Defense
Department since--well, since the department had any sort of computer network. Today, MLS
remains very much in the future.
Why? Simply because while the idea of MLS is easy to visualize, its execution is
MLS is simply a way for messages of various security levels, from unclassified to Top
Secret, to travel on a common physical network and be accessed only by those with the
proper authority. Perhaps surprisingly, it is also undoable with current technology.
That's why for years the "leftover punch and cookies are in the D-ring" type
messages have traveled on networks entirely separately from those carrying messages such
as "What would happen if we bombed Leningrad first instead of Moscow?"
Maintaining separate networks is a cost and logistics burden DOD would rather not carry.
But don't take my word for it. The National Security Agency, in an uncharacteristically
candid (and courageous) move, has admitted that multilevel security still is years off.
Instead, the agency's Nick Piazzola recently told GCN's Paul Constance [July 15, Page 60],
NSA will concentrate on just two levels of security--Secret and unclassified.
Earlier this year, Howard Frank of the Advanced Research Projects Agency characterized
current network security technology as analogous to "bloodletting and snake oil"
The days are past when this was an arcane problem for a Cold War DOD. Computer
networks, it hardly needs to be said, are pervasive and critical to nearly every aspect of
government and private-sector life.
That's why two parties besides ARPA and NSA have to weigh in. First, Congress must stop
barking about network security and fund some of the needed basic research.
Second, vendors must do more to address this problem. Many manufacturers in the
networking and communications fields are having near-exponential growth, accompanied by
handsome earnings. It's time they devoted a greater share of dollars for R&D in this
Multilevel security may be a DOD requirement, but the underlying technologies and
products needed to make it happen are everyone's concern.