CYBER EYE

I have to admit it's getting better

William Jackson

Brian D. Snow, technical director of the National Security Agency's Information Assurance Directorate, stood before the RSA Conference 2001 in San Francisco last month and made his familiar plea.

'I'm from NSA, and I'm here to ask for your industry's help,' he said.

He wants off-the-shelf hardware and software to assure safety for sensitive but unclassified data traffic. But he doesn't want new security features.

'What we really need but are unlikely to get are greater levels of assurance' in existing products, he said.

Snow's definition of assurance is security that works, especially in a hostile environment. 'I'm not asking for development of new science,' he said, but for vendors to perfect the science already deployed.

Snow has been making the plea for some time now. He gave essentially the same talk at the Black Hat Briefings last July and said he would give it three more times this year. But there is good news. 'I'm changing the talk next year,' he said.

His public complaints are for the unconverted, Snow said. Privately, he is a little more optimistic about prospects for information assurance.

Open-source developers are beginning to embrace NSA's secure Linux kernel, which will be incorporated in a future release of a commercial product, he said. And he has talked with several vendors that, he said, seem to want to build high-quality reputations for their information assurance products.

Snow said he and other government users are more interested in the quality of the products they use than in the new features of the latest release.

Building in assurance, of course, lengthens the development cycle'anathema to companies competing on Internet time. But if users insist on reliability, information assurance in off-the-shelf products could turn into a selling point.

There are some indications this is happening.
Christopher Darby, president and chief executive officer of Internet security consultancy @stake Inc. of Boston, said more companies are putting quality above speed.

An off-the-shelf product that truly works could be worth more'both to a company's bottom line and to the users' peace of mind'than all of Silicon Valley's patches and service packs.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected