Experts: Intrusion detection just one security key

Experts: Intrusion detection just one security key

By Christopher J. Dorobek

GCN Staff

Intrusion detection systems can strengthen an agency's security but do not supply complete protection, security experts say.

Furthermore, intrusion detection networks present complicated conditions for federal agencies that must deal with privacy implications, panelists said during a forum at the recent Industry Advisory Council's Executive Leadership Conference.

'Intrusion detection devices should be taken as a whole, not as a standalone' defense, said Joe Sirrianni, product manager for the security Internet services unit of Cisco Systems Inc. of San Jose, Calif.

In addition to intrusion detection, agencies ought to look at a broad security spectrum, said Thomas R. Burke, assistant commissioner for information security at the General Services Administration's Federal Technology Service.

Find a key

Before an agency jumps into funding an intrusion detection system, it ought to consider its security policies and whether it needs a public-key infrastructure.

Such systems can be expensive, especially because of associated personnel costs, Sirrianni said.

'The business case for additional security remains rather nebulous,' said Jeffrey A. Hunker, senior director for critical infrastructure at the National Security Council. Funding requests lead to questions about the threat, and the system's effectiveness and implementation.

One difficult task for an intrusion detection system is determining who is on the inside, who is on the outside and who is an intruder, Sirrianni said.

Contractors often work alongside employees.

Tell about it

Federal agencies face additional problems, said Lee M. Zeichner, president of LegalNetWorks Inc. of Falls Church, Va., and legal counsel to the Critical Infrastructure Assurance Office.

The Privacy Act of 1974 requires that agencies notify citizens any time the government collects information on them.

Therefore agencies must determine early on whether they are collecting data that identifies an individual, he said.

If agencies are not collecting individual identifiers, 'then you can just move on,' Zeichner said.

But at what point does the information collected represent an individual identifier, he asked.

Data reviews

Intrusion detection systems also create a lot of data, and agencies need to consider how that data is used and whether it can be shared across agencies, Zeichner said.

Reviewing the data the system produces is a slow, laborious process, said Douglas Perritt, deputy director of the National Infrastructure Protection Center.

It is a task often left to system administrators who are already overworked and underappreciated, he said.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.