Mehan: Cybersecurity should work like a human immune system

Mehan: Cybersecurity should work like a human immune system

Security products should be engineered differently to block more pathways to intrusion by hackers, worms and viruses, the Federal Aviation Administration's CIO said yesterday.

'We will have to move to an android cyberdefense that mimics human biodefenses,' said FAA CIO Dan Mehan yesterday at an industry event sponsored by National Business Promotions and Conferences in Falls Church, Va.

Mehan compared the ideal intrusion defense with the human immune system's ability to isolate and target infections. That kind of futuristic security will have to come from research organizations and universities, he said.

FAA has a multilayered security architecture and uses a security certification and authorization program (SCAP) to harden all its systems, Mehan said. Starting early next year, the agency will accelerate the number of SCAPs by applying full-court certification and accreditation to critically important systems with less stringent review for other systems, he said. The Federal Information Security Management Act requires agencies to certify their systems and report on their progress.

FAA is in the first stages of developing what Mehan called an orderly quarantine of viruses, 'but it will take three or four years of research to get more sophisticated,' he said. For example, not all networked systems need data supplied to them in real time. Instead, users could go to a data mart for stored information. If their machines are infected, security screening could disconnect them at the data mart. A targeted quarantine would supply additional protection, he said.

Mehan said developing an enterprise architecture improves systems security because it cuts down on duplicate systems and lines of code.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.