Government primes IT security pump
A lot of attention has been paid recently to security holes found in Microsoft Corp. software products such as Exchange Server and the new Office XP suite. One security expert said things are not likely to get better soon.
Security holes 'come with any very complicated operating system like Windows 2000, and it won't get any easier with the release of Windows XP in October,' said Bill Wall, chief computer security engineer at Harris Corp. of Melbourne, Fla. 'It's no better with Unix or Linux. You're going to have to accept that codes are complicated and be prepared for it.'
Wall was a senior security analyst for the Air Force Computer Emergency Response Team. Rather than wait for secure software, he said, government administrators just have to buckle down to updating their programs and patching them where needed.
Compounding the problem is the shortage of security personnel trained at the university level. When Wall was assessing security for the Air Force, he said, he had to perform a delicate balancing act'identifying smart young people who knew hacker tricks and who could nevertheless be trusted.
Some help is on the way for beleaguered system administrators. The National Science Foundation has awarded $14 million in cybercorps scholarships for 198 students at six universities over four years in the first round of the federal Scholarships for Service program.
The program will provide up to $25,000 a year to a student pursuing a degree in information security in return for a commitment to work for the government one year for each year of support.
Congress approved funds last year for the scholarships as part of NSF's 2001 budget. It will take four years for students entering the pipeline to arrive at government workplaces, however, and when the flow does start it will be only a trickle. So, if you would like the help of a bright, young security specialist at your agency, contact the Office of Personnel Management early.
OPM will handle that end of the program, although the details of how graduates will be assigned have not been worked out.
It seems a pretty safe bet that demand will outstrip supply.