Duties of infosec czar are hot topic


SAN FRANCISCO - Federal officials are struggling to define information security and what the responsibilities of an infosec czar should be.

'This is actively being debated in the administration,' said Daniel J. Knauf, chief of the National Security Agency's Office of Policy and Corporate Support. 'I would expect some decisions, probably in the form of an executive order, in the not too distant future.'

Knauf and others from NSA spoke at the RSA Conference 2001 last week. NSA, which once shunned public exposure, now frequently takes part in public forums such as the one sponsored by RSA Security Inc. of Bedford, Mass.

'For high assurance, we will continue to build our own,' said Brian D. Snow, technical director of NSA's Information Assurance Directorate. But the government needs help from industry to secure sensitive but unclassified data, and so far the help has proved inadequate.

'Shame on you,' Snow told an audience of industry representatives. 'You should be doing it better.'

Knauf said no one is certain about the position or responsibilities of an information assurance czar, a title he said the president dislikes. But he outlined a few requirements.

A balancing act

The chief hurdle would be balancing privacy, law enforcement, national security and the economy. That makes it unlikely the job would go to an existing office, which probably would have strong ties to one or more such areas.

Snow defined information assurance as being able to trust a product's security features. He did not call for new security features but said existing ones in operating systems, applications and hardware should be better designed, tested and implemented.

The policy is to use off-the-shelf products when possible, Snow said, 'but we don't do that very often' because most do not meet government requirements. 'Through the coming five-year span I see little improvement in assurance, hence little true security.'

Snow said his pessimistic public stance is designed to get a reaction from industry; he's a little more optimistic privately.

Even so, both he and Knauf said the driving force behind the demand for better-quality security products could be legal threats.

'Lawsuits might lead to fitness-for-use criteria for software, much like ones that other industries face today,' Snow said.

