Thank the Love Bug
Thomas R. Temin
You've got to thank the perpetrators of the ILOVEYOU virus and its variants for one thing. Like the 10th plague of Egypt, they've prodded federal agencies to accelerate from walking to trotting toward more secure systems.
Individual users are unaffected by Web site attacks or data pilferage, other than the institutional embarrassment they cause. Similarly, it's already against the rules to leave data-laden portable PCs lying around where they can be easily purloined.
But what about fast-spreading, e-mail-crashing messages?
They stop offices and users in their tracks. The resulting hue and cry sure gets management's attention.
There are encouraging signs that the government is taking security more seriously than ever.
One example is the Chief Information Officers Council's new effort to round up and disseminate best security practices via the Web [GCN, June 5, Page 8]. Managers can't just submit any old idea for posting on the new security Web site, however. Each practice will be subject to validation by a team from the National Security Agency and the National Institute of Standards and Technology. That's smart.
Another result of the viruses is that the Federal Computer Incident Response Capability team and similar teams around government are also moving into higher gear.
But fundamentally, agencies still must get out of what you might call the R&R mode of security thinking: react and retrofit. Instead, security must be an organic part of the conception and design of systems from the outset.
A friend of mine is in the business of installing big-buck home entertainment systems. His customers are willing to spend upwards of $50,000 on integrated security, audio and video systems. The most frustrating part of his business? Home builders, locked into old-fashioned thinking, won't let the wiring crews onto building sites. The same builders wouldn't dream of Sheetrocking a new house before the plumbers and electricians were done, but electronic wiring simply isn't in their frame of reference.
The result is expensive, less-than-optimal installations.
Too often, security is still like that: something to be retrofitted instead of designed and built in from the start. When that happens, the results are like those houses: lots of workarounds.
In short, you'll get two benefits from thinking ahead on security: technical superiority and lower costs.