I have to admit it's getting better

William Jackson

Brian D. Snow, technical director of the National Security Agency's Information Assurance Directorate, stood before the RSA Conference 2001 in San Francisco last month and made his familiar plea.

'I'm from NSA, and I'm here to ask for your industry's help,' he said.

He wants off-the-shelf hardware and software to assure safety for sensitive but unclassified data traffic. But he doesn't want new security features.

'What we really need but are unlikely to get are greater levels of assurance' in existing products, he said.

Snow's definition of assurance is security that works, especially in a hostile environment. 'I'm not asking for development of new science,' he said, but for vendors to perfect the science already deployed.

Snow has been making the plea for some time now. He gave essentially the same talk at the Black Hat Briefings last July and said he would give it three more times this year. But there is good news. 'I'm changing the talk next year,' he said.

His public complaints are for the unconverted, Snow said. Privately, he is a little more optimistic about prospects for information assurance.

Open-source developers are beginning to embrace NSA's secure Linux kernel, which will be incorporated in a future release of a commercial product, he said. And he has talked with several vendors that, he said, seem to want to build high-quality reputations for their information assurance products.

Snow said he and other government users are more interested in the quality of the products they use than in the new features of the latest release.

Building in assurance, of course, lengthens the development cycle, anathema to companies competing on Internet time. But if users insist on reliability, information assurance in off-the-shelf products could turn into a selling point.

There are some indications this is happening.

Christopher Darby, president and chief executive officer of Internet security consultancy @stake Inc. of Boston, said more companies are putting quality above speed.

An off-the-shelf product that truly works could be worth more, both to a company's bottom line and to the users' peace of mind, than all of Silicon Valley's patches and service packs.

