Get systems secure

Remember the TV sitcom “Get Smart,” about
a bumbling spy?

For security, Agent 86 and his boss would enter a cone of silence—but they
couldn’t hear each other. In one scene, the boss offered to write a note. Agent 86
cautioned that a note

could be stolen. The boss offered to swallow the note afterwards, but Agent 86 said his
stomach could be pumped by enemy spies. All right, I’ll burn it, said the exasperated
boss. But our man warned that the ashes could be reconstructed. And so on went the goofy

That’s how it is with computer security. It’s a seemingly intractable issue
that continues to grow for federal agencies and, indeed, for all of us. The world is
online to a much greater degree than even two years ago, yet most systems are still
maddeningly hackable. No encryption scheme has yet been found that can’t be cracked
with enough computer horsepower.

Unfortunately, the need to fix systems for year 2000 has temporarily pushed aside the
raging debate over the administration’s proposed Data Encryption Standard—the
one that many object to because they say that it gives law enforcement agencies a back
door to all encrypted data.

The result? Few agencies use any encryption to protect their own or citizens’
data. That’s a mistake. DES may be dead, but not the need for encryption.

At a recent Washington conference, Ira Winkler, president of the Information Security
Advisers Group of Severan Park, Md., and a former National Security Agency analyst, noted
that even weak encryption is better than none. It might make hackers move on to another
system, much as a burglar will avoid a house with an alarm system.

Winkler said that too few systems managers figure the lifecycle costs of security.
Those costs include downloading and then testing the constant streams of bug patches and
service packs flowing from software vendors that periodically discover security holes in
their products. Often, Winkler said, hackers exploit holes that are years old but remain
unpatched by administrators.

One wonders how many agencies downloaded the recent e-mail security patches for
Netscape Communications Corp. and Microsoft Corp. Web browsers.

Security is the cousin of the date code remediation requirement. Both are born of
short-term cost avoidance. Neither is cheap nor optional. Think about that as your agency
scrambles for year 2000 fix-it funds.

Thomas R. Temin
[email protected]


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected