Get systems secure

Remember the TV sitcom “Get Smart,” about a bumbling spy?

For security, Agent 86 and his boss would enter a cone of silence—but they
couldn’t hear each other. In one scene, the boss offered to write a note. Agent 86
cautioned that a note could be stolen. The boss offered to swallow the note afterwards,
but Agent 86 said his stomach could be pumped by enemy spies. All right, I’ll burn it,
said the exasperated boss. But our man warned that the ashes could be reconstructed.
And so on went the goofy

That’s how it is with computer security. It’s a seemingly intractable issue
that continues to grow for federal agencies and, indeed, for all of us. The world is
online to a much greater degree than even two years ago, yet most systems are still
maddeningly hackable. No encryption scheme has yet been found that can’t be cracked
with enough computer horsepower.

Unfortunately, the need to fix systems for year 2000 has temporarily pushed aside the
raging debate over the administration’s proposed Data Encryption Standard—the
one that many object to because they say that it gives law enforcement agencies a back
door to all encrypted data.

The result? Few agencies use any encryption to protect their own or citizens’
data. That’s a mistake. DES may be dead, but not the need for encryption.

At a recent Washington conference, Ira Winkler, president of the Information Security
Advisers Group of Severna Park, Md., and a former National Security Agency analyst, noted
that even weak encryption is better than none. It might make hackers move on to another
system, much as a burglar will avoid a house with an alarm system.

Winkler said that too few systems managers figure the lifecycle costs of security.
Those costs include downloading and then testing the constant streams of bug patches and
service packs flowing from software vendors that periodically discover security holes in
their products. Often, Winkler said, hackers exploit holes that are years old but remain
unpatched by administrators.

One wonders how many agencies downloaded the recent e-mail security patches for
Netscape Communications Corp. and Microsoft Corp. Web browsers.

Security is the cousin of the date code remediation requirement. Both are born of
short-term cost avoidance. Neither is cheap nor optional. Think about that as your agency
scrambles for year 2000 fix-it funds.

Thomas R. Temin