Security takes the stage

Thomas R. Temin

From lawyers alley along Washington's K Street to Capitol Hill, and from chief information officers' suites to agencies' most distant bureaus, a consensus is emerging that security is the Next Big Thing in the federal systems arena.

The presumption is that all year 2000 date code work will end within a few months, leaving everyone with lots of time and money to devote to making systems more secure.

Just to make sure, Rep. Steve Horn is thinking about creating a report card program to grade agencies on their computer security initiatives, as he did for their date code efforts [GCN, Aug. 23, Page 1].

The California Republican's report cards, although hokey, deserve some credit for keeping attention on the issue. Most agencies' systems managers were on top of the 2000 problem, but perhaps the cranky Horn's report cards prodded the few who weren't.

Repairing faulty date code has its subtleties, but basically a system will either process date-dependent code properly or it won't. So although the job was voluminous, it had well-defined parameters.

The same cannot be said of computer security. Whether an agency has adequate systems security is a far harder thing to measure, as Horn himself acknowledges. It may, in fact, be impossible to measure.

Web site hacking, password file cracking, data theft, viruses and denial-of-service attacks differ technically and require different defenses. What's more, remedies vary among operating systems, network protocols and applications. When you fix one security hole, new ones open up.

Of course agencies need to get real about security. It isn't an application you can buy and paste in, nor does it have a deadline after which you can say, 'This system is secure.'

To foster security, Horn and his colleagues could do more than issue report cards. How about passing legislation making digital signatures legal? Or why not overrule the administration's cryptography policy so agencies can put in place security mechanisms that the public can trust?

The report cards are a nice idea, but there's plenty more that Congress can do to ensure the protection of federal systems and data.

Thomas R. Temin

Editorial director

Internet: [email protected]


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected