Koelemay's Kosmos

Doug Koelemay



 

si-'kyur-et-e

 

The pronunciation guide in a dictionary shows just how difficult security is to define and maintain. But rest assured that Virginians are on the case.


 

Look up the word “security” in a dictionary and you get a couple of definitions that date back to the 15th century. Security refers to “the quality or state of being secure” as in freedom from danger, fear or anxiety. It suggests safety, even protection against attack, crime, sabotage or escape. The definition centuries ago might have applied to daggers and longbows, witches and the plague, but now it covers downed electrical lines during a hurricane, viruses set loose in computer networks and planes purposely flown into buildings. Security today encompasses not just physical arrangements or information, but value judgments about threats, intent, likelihood and capabilities.

                                                                       

With Gov. Mark R. Warner keynoting the fourth annual “Networked Economy Summit” October 20 at George Mason University (GMU), Virginia is focusing on strengthening network security in order to spur global economic growth. Concerns about security, in fact, have become a growth industry and Virginians can take some comfort knowing that their fellow citizens are huddling together in lots of new ways to tackle the problem and, perhaps, reap economic rewards.

 

Northern Virginia Rep. Tom Davis, R-11, for example, recently championed U.S. House of Representatives action on H.R. 3519, the “Government Network Security Act.” Working from his chairmanship of the House Government Reform Committee with ranking Democrat Henry Waxman, D-30, of California, Davis proposed that federal executive departments and agencies protect government computer and information from risks posed by peer-to-peer file sharing programs, those Internet applications best known for facilitating direct sharing of music files or video games.

 

"File sharing technology is not inherently bad and it may turn out to have a variety of beneficial applications," Rep. Davis pointed out, but he suggested the government needs to avoid putting information and computers at risk as it pursues innovations in peer-to-peer technology on government networks. His committee staffers had found it fairly easy to obtain otherwise confidential tax records, medical records and business files while using such applications. Companies that provide fixes can look at a new federal contracting opportunity.

 

Similarly, Microsoft announced last week that it will begin issuing security warnings and software patches on a regular schedule. On the upside, regular updates on the second Tuesday or Wednesday of the month will ease the frustration of systems managers, who never could be quite sure when they’d next be applying patches while under attack. On the downside, integrating security responses into the calendar acknowledges that threats are so pervasive as to be institutionalized. Future alerts might be a simple, “And now we return to our regularly scheduled threat analysis and patch download program.”

 

Tech legend Bill Joy, who resigned just a few weeks ago as chief scientist at Sun Microsystems, told FORTUNE in September that there is a real need to build a new Internet less prone to viruses and spam, not just bolt more filters and caches onto computers. “Writing everything in Java will help,” Joy said of Sun’s programming language, “because stuff written in antique programming languages like C is full of holes. Those languages weren’t designed for writing distributed programs to be used over a network.”

 

The Internet itself, a great economic driver for the Virginia economy in the last decade, wasn’t engineered for security and privacy. But Virginia Tech was one of the first to begin defining the next generation Internet in 1998 with collaborative partners such as the U.S. Army National Guard, EDS, NEC and then Bell Atlantic. George Mason University (GMU), SAIC and others in Virginia followed. What academics, scientists, executives and officials learned together is that a desire, even the commitment to protect and secure modern information technology and telecommunications systems, can never be as valuable as software, systems and networks engineered to do so.

 

Other Virginians continue to step into the picture. Mark Grady, Dean of the GMU School of Law, for example, also is the principal investigator in something called the Critical Infrastructure Protection Project (CIP Project). The CIP Project is a remarkable new collaborative effort between GMU and another of Virginia’s fastest-growing universities, James Madison University. It is a perfect example of the collaboration that real-world challenges now demand, especially where responsibilities of the private and public sectors overlap. The project already has brought in over 50 individual research initiatives involving 14 universities, 77 research professors and 150 research assistants and students.

 

The CIP Project is anchored in the National Center for Technology and Law at GMU and the Institute for Infrastructure and Information Assurance in the College of Integrated Science and Technology at JMU. For Alan Merten, President of GMU, and Linwood Rose, President of JMU, the goal is to build jointly a nationally recognized program that fully integrates the disciplines of law, policy and technology for enhancing security of cyber networks and critical infrastructure protection. JMU’s research focus on network security risk assessment and the design of an interdisciplinary course on critical systems under the direction of Dr. John Noftsinger will project CIP onto the national security screen.

 

Not by chance, the CIP Project is funded through a grant administered by the National Institute of Standards and Technology (NIST) with Virginia Rep. Frank Wolf as a lead advocate. But it interlocks with a wider Virginia effort, too, in which JMU, GMU, Virginia Tech and Hampton University are joined in the Commonwealth Information Security Center (CISC). CISC is a reciprocal agreement and technology transfer alliance designed to support Virginia’s emergence as a leading provider and beneficiary of information security services, policies and products. In recognition of the upside potential inherent in security risk, the Commonwealth of Virginia seeded CISC with $4 million and attracted another $5 million plus from the private sector.

 

Some political leaders seem to suggest that such cooperation and collaboration -- multi-institutional, multi-disciplinary, public and private, across levels of government -- can be forced as if the centralized, command and control, hierarchical models that played out in the 15th century still work best. The world has changed. Pressure doesn’t always make diamonds. Modern collaboration must be functional in nature to work – carefully facilitated, not forced.

 

For a state government increasingly lacking resources to buy a harness, much less a whip, functional collaboration in which all parties choose to participate on terms that allow all to benefit is the only model that will work. The CIP Project shows that collaborative efforts in Virginia are working. Attempts to substitute danger, fear or anxiety for scarce resources will facilitate neither security nor success.

 

-- October 20, 2003

  

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

More about Doug Koelemay

 

Contact info

 

J. Douglas Koelemay

Managing Director

Qorvis Communications

8484 Westpark Drive

Suite 800

McLean, Virginia 22102

Phone: (703) 744-7800

Fax:    (703) 744-7994

Email:   dkoelemay@qorvis.com