Risks rise as network links do, security experts say

Risks rise as network links do, security experts say

'We're in combat every day' is how one Army chief describes running networks for DOD

By Christopher J. Dorobek

GCN Staff

ATLANTA'As agencies become increasingly dependent on networks, they must realize that their systems are only as secure as the weakest link, security experts warned last week.

'We are in combat every day,' said Michael L. Gentry, senior technical director and chief engineer of the Army Signal Command at Fort Huachuca, Ariz.

Just two years ago, the Army had relatively little network defense, he said at the recent Federation of Government Information Processing Council's Management of Change conference. It was nearly impossible to detect an attack and the severity of an incident. Since then, the Defense Department has been working to improve its network security, he said.

This means war

The threat is real, Gentry said. The Army has installed 170 intrusion detection systems. In fiscal 1999, there were 55 million intrusions detected, and 23.5 million were considered suspicious. Of those, 9 million incidents required further analysis, and there were 247 breaches of Army systems, he said.

In February and March alone, the Army looked into 330,000 suspicious events.

'We have to improve our security methods,' Gentry said.

Many organizations do not take security seriously and fail to take the necessary steps to protect their systems, said speaker Christopher W. Klaus, founder and chief technology officer of Internet Security Systems Group Inc. of Atlanta.

And though agencies often protect the servers that house their most critical data, they then fail to protect other systems that let hackers load sniffer programs on the networks to find ways to tap the critical data, he said.

Although the Army is working to get a handle on the current situation, the security picture is constantly changing, Gentry said.

It is unclear what security vulnerabilities new technologies, such as wireless routers, might create, he said.

'Security is not a technology. It's a process,' Klaus said.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.