DOD auditor says feds must focus on both network security and year 2000 problem

Lame federal network security is unlikely to improve until the year 2000 crisis has
passed, a Defense Department auditor has predicted.


“There is no doubt they are competing head to head for money and resources,”
said Robert Lieberman, DOD assistant inspector general for auditing.


The department’s priorities became clear in a memorandum last month from Defense
Secretary William Cohen. He threatened to suspend other information technology initiatives
if the services do not repair date code quickly enough [GCN, Aug. 24, Page 6].


Many DOD network security officials were unhappy about the memo, Lieberman said, but
the department’s IT budget “is awfully large. We spend more than $10 billion a
year on IT systems in DOD alone,” which should be enough for both date code fixes and
adequate network security.


Lieberman moderated a discussion on network security at a Washington meeting this month
sponsored by the President’s Council on Integrity and Efficiency.


Speaker David Hollis, government sales manager for Secure Computing Corp. of San Jose,
Calif., continued the drumbeat message he said he has been delivering to agencies for the
last year.


“It’s shameful how little security military networks have,” Hollis said.
“There is a tremendous amount of damage being inflicted on them.”


Hollis, whose company sells security products and services such as penetration testing,
said, “Our hackers have never failed to get into a network. However bad you think the
threat is, in reality it’s worse. No matter how easy you think it is to get into a
government system, it’s actually easier.”


Most of the government’s chief information officers agree, according to a recent
list of priorities drawn up by the Chief Information Officers Council, said Alan Paller,
research director for the Sans Institute of Bethesda, Md.


“Everyone agreed that the two highest priorities were security and Y2K,”
Paller said. “The reason you are not hearing more about security is that
everyone’s mind is filled with Y2K.”


Lieberman said the demand for services such as penetration testing are on the rise at
in DOD’s audit agency. “There will be more, I predict, after the year 2000
because, unlike that problem, this one is not going away,” he said.


He said he finds similarities in the scope of the problems, which require total
commitment by management. Security efforts might even benefit from year 2000 experiences,
he said.


“We’re frantically scrambling now to come up with contingency plans for how
to get along without some of our systems,” Lieberman said. “A lot of the plans
are lame because we’ve forgotten how to do that.”   

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above