Army assesses state's LAN security
- By Jason Miller
- Nov 18, 2003
The Army's security recommendations will help New Jersey officials identify and plug network security gaps, Steven Dawson says.
New Jersey IT officials are confident in the security of the Garden State Network'a WAN connecting 16 state agencies. But the agencies' individual LANs caused chief technology officer Steven Dawson some concern.
So when the opportunity arose to take advantage of the Defense Department's expertise to improve New Jersey's IT security, Dawson didn't think twice.
The state entered into a cooperative research and development agreement with the Army Communications-Electronics Command's Research, Development and Engineering Center (CERDEC) at Fort Monmouth, N.J., to analyze the state's network security and recommend improvements.
'We fared extremely well against the recent viruses, but it was a challenge to keep some of the LANs safe,' said Dawson, who became familiar with the Army's capabilities while he worked in the private sector. 'When I looked at the federal government, the military's capabilities in infrastructure protection immediately came to my mind.'
Dawson said agencies send about 2 billion transactions across the network each year.
The agreement between New Jersey and CERDEC is the first of its kind, said James Soos, the center's deputy director for homeland security and project director.
'New Jersey approached us with the idea of transferring technology to improve their systems,' Soos said. 'Steve and I started talking about how we could do it, and the agreement and technology transfer were the best ways.'
Army and contractor personnel from Science Applications International Corp. of San Diego and Mitre Corp. of Bedford, Mass., undertook a three-pronged evaluation of New Jersey's networks. In the first phase, state officials answered written questions. Then auditors conducted interviews with managers to discuss the written answers in more detail.
Finally, contractors used network discovery software from Solarwinds.net of Tulsa, Okla., and WhatsUp Gold from Ipswich Inc. of Lexington, Mass., to further analyze the state's cybersecurity, Soos said.What to adjust
The Army team finished the network evaluation earlier this month. Now they will draw up policy and procedure recommendations and will suggest specific hardware and software that should be installed to improve network security, Soos said.
'Their recommendations will show us where our gaps are and how to address them,' Dawson said. 'This will lead to the further deployment of intrusion and detection response systems.'
The Army's evaluation and recommendations are costing New Jersey $250,000. Dawson said he may extend the agreement to include implementation of the Army's suggestions.
Other states have expressed interest in New Jersey's agreement with the Army, Soos said. He has held discussions with Alaska, Arizona, Georgia, Oregon, Pennsylvania and Texas.
'It would be beneficial for any state seeking to improve their information assurance,' Soos said.