DOD auditor says feds must focus on both network security and year 2000 problem
- By William Jackson
- Sep 28, 1998
Lame federal network security is unlikely to improve until the year 2000 crisis has
passed, a Defense Department auditor has predicted.
There is no doubt they are competing head to head for money and resources,
said Robert Lieberman, DOD assistant inspector general for auditing.
The departments priorities became clear in a memorandum last month from Defense
Secretary William Cohen. He threatened to suspend other information technology initiatives
if the services do not repair date code quickly enough [GCN, Aug. 24, Page 6].
Many DOD network security officials were unhappy about the memo, Lieberman said, but
the departments IT budget is awfully large. We spend more than $10 billion a
year on IT systems in DOD alone, which should be enough for both date code fixes and
adequate network security.
Lieberman moderated a discussion on network security at a Washington meeting this month
sponsored by the Presidents Council on Integrity and Efficiency.
Speaker David Hollis, government sales manager for Secure Computing Corp. of San Jose,
Calif., continued the drumbeat message he said he has been delivering to agencies for the
Its shameful how little security military networks have, Hollis said.
There is a tremendous amount of damage being inflicted on them.
Hollis, whose company sells security products and services such as penetration testing,
said, Our hackers have never failed to get into a network. However bad you think the
threat is, in reality its worse. No matter how easy you think it is to get into a
government system, its actually easier.
Most of the governments chief information officers agree, according to a recent
list of priorities drawn up by the Chief Information Officers Council, said Alan Paller,
research director for the Sans Institute of Bethesda, Md.
Everyone agreed that the two highest priorities were security and Y2K,
Paller said. The reason you are not hearing more about security is that
everyones mind is filled with Y2K.
Lieberman said the demand for services such as penetration testing are on the rise at
in DODs audit agency. There will be more, I predict, after the year 2000
because, unlike that problem, this one is not going away, he said.
He said he finds similarities in the scope of the problems, which require total
commitment by management. Security efforts might even benefit from year 2000 experiences,
Were frantically scrambling now to come up with contingency plans for how
to get along without some of our systems, Lieberman said. A lot of the plans
are lame because weve forgotten how to do that.
William Jackson is a Maryland-based freelance writer.