Agencies say security is a bigger task than Y2K
- By William Jackson
- May 10, 1999
The extent of network security vulnerabilities will dwarf the year 2000 problem,
predicted industry and agency officials late last month at a General Services
Administration seminar in Washington.
Readying systems for 2000 has monopolized agency resources. Now the crisis in Kosovo,
computer virus attacks and insider leaks of U.S. nuclear secrets are spotlighting security
"The first problem of the next millennium will be security," said Peter
Goldman, federal sales manager for Secure Computing Corp. of San Jose, Calif.
The standing-room-only crowd at the seminar heard a litany of disturbing statistics:
"It's an external problem now," said Mark Fabro, Secure Computing's
director of professional services.
A Transportation Department official at the meeting said the Federal Aviation
Administration is forming a security council much like the White House council that heads
up the year 2000 effort.
Unlike the year 2000 problem, which has a firm deadline, security is a never-ending
race to stay one step ahead of hackers, said the official, who asked not to be identified.
He said the intrusion statistics did not surprise him.
"The worst is yet to come," Fabro predicted. He said there has been no
progress on Presidential Decision Directive 63 for establishing critical
Part of the reason has been the diversion of information technology resources to date
code repair. Fabro said he has seen a marked increase in federal awareness of security
problems, and an encouraging willingness on the part of federal administrators to talk
about them. He predicted a wave of security spending early next year.
One vendor said that although year 2000 preparations have stifled spending on security,
they have raised awareness governmentwide.
"What Y2K taught us was: I don't know what's on my network and I have a
lot of vulnerabilities I didn't know about," said Cress Carter, president of L3
Network Security, a division of L3 Communications Corp. of Denver. "We have seen a
surge of interest in the last eight months."
According to Fabro, the top vulnerabilities of government networks are poorly
configured Web servers and firewalls, Web servers that handle more than Hypertext Transfer
Protocol requests, guest accounts on Unix servers, log-in assistance menus on dial-in
servers and Microsoft Windows NT platforms installed straight out of the box.
"NT has the capability of being very secure," Fabro said, "but you have
to reach for it and go the extra mile. Nothing should come out of the box and be put
All hardware and software settings must be configured for particular users'
security needs to ensure that loopholes and back doors have been closed, he said.
Fabro advised administrators, "You must secure what you have chosen to
deploy." Those who fail to do so at the start will have no time to catch up later, he
William Jackson is a Maryland-based freelance writer.