|
si-'kyur-et-e
The
pronunciation guide in a dictionary shows just how
difficult security is to define and maintain.
But rest assured that
Virginians are on the case.
Look
up the word “security” in a dictionary and you
get a couple of definitions that date back to the
15th century. Security refers to “the
quality or state of being secure” as in freedom
from danger, fear or anxiety. It suggests safety,
even protection against attack, crime, sabotage or
escape. The definition centuries ago might have
applied to daggers and longbows, witches and the
plague, but now it covers downed electrical lines
during a hurricane, viruses set loose in computer
networks and planes purposely flown into
buildings. Security today encompasses not just
physical arrangements or information, but value
judgments about threats, intent, likelihood and
capabilities.
With
Gov. Mark R. Warner keynoting the fourth annual
“Networked Economy Summit” October 20 at
George Mason University (GMU), Virginia
is focusing on strengthening network security in
order to spur global economic growth. Concerns
about security, in fact, have become a growth
industry and Virginians can take some comfort
knowing that their fellow citizens are huddling
together in lots of new ways to tackle the problem
and, perhaps, reap economic rewards.
Northern
Virginia Rep. Tom Davis, R-11, for example,
recently championed U.S. House of Representatives
action on H.R. 3519, the “Government Network
Security Act.” Working from his chairmanship of
the House Government Reform Committee with ranking
Democrat Henry Waxman, D-30, of
California,
Davis
proposed that federal executive departments and
agencies protect government computer and
information from risks posed by peer-to-peer file
sharing programs, those Internet applications best
known for facilitating direct sharing of music
files or video games.
"File sharing technology is
not inherently bad and it may turn out to have a
variety of beneficial applications," Rep.
Davis pointed out, but he suggested the government
needs to avoid putting information and computers
at risk as it pursues innovations in peer-to-peer
technology on government networks. His committee
staffers had found it fairly easy to obtain
otherwise confidential tax records, medical
records and business files while using such
applications. Companies that provide fixes can
look at a new federal contracting opportunity.
Similarly, Microsoft announced last week that it will begin issuing
security warnings and software patches on a
regular schedule. On the upside, regular updates
on the second Tuesday or Wednesday of the month
will ease the frustration of systems managers, who
never could be quite sure when they’d next be
applying patches while under attack. On the
downside, integrating security responses into the
calendar acknowledges that threats are so
pervasive as to be institutionalized. Future
alerts might be a simple, “And now we return to
our regularly scheduled threat analysis and patch
download program.”
Tech
legend Bill Joy, who resigned just a few weeks ago
as chief scientist at Sun Microsystems, told
FORTUNE in September that there is a real need to
build a new Internet less prone to viruses and
spam, not just bolt more filters and caches onto
computers. “Writing everything in Java will
help,” Joy said of Sun’s programming language,
“because stuff written in antique programming
languages like C is full of holes. Those languages
weren’t designed for writing distributed
programs to be used over a network.”
The
Internet itself, a great economic driver for the
Virginia
economy in the last decade, wasn’t engineered
for security and privacy. But Virginia Tech was
one of the first to begin defining the next
generation Internet in 1998 with collaborative
partners such as the U.S. Army National Guard,
EDS, NEC and then Bell Atlantic. George Mason
University (GMU), SAIC and others in
Virginia
followed. What academics, scientists, executives
and officials learned together is that a desire,
even the commitment to protect and secure modern
information technology and telecommunications
systems, can never be as valuable as software,
systems and networks engineered to do so.
Other
Virginians continue to step into the picture. Mark
Grady, Dean of the GMU School of Law, for example,
also is the principal investigator in something
called the Critical Infrastructure Protection
Project (CIP Project). The CIP Project is a
remarkable new collaborative effort between GMU
and another of Virginia’s
fastest-growing universities, James
Madison
University.
It is a perfect example of the collaboration that
real-world challenges now demand, especially where
responsibilities of the private and public sectors
overlap. The project already has brought in over
50 individual research initiatives involving 14
universities, 77 research professors and 150
research assistants and students.
The
CIP Project is anchored in the
National
Center
for Technology and Law at GMU and the Institute
for Infrastructure and Information Assurance in
the
College
of Integrated
Science
and Technology at JMU. For Alan Merten, President
of GMU, and Linwood Rose, President of JMU, the
goal is to build jointly a nationally recognized
program that fully integrates the disciplines of
law, policy and technology for enhancing security
of cyber networks and critical infrastructure
protection. JMU’s research focus on network
security risk assessment and the design of an
interdisciplinary course on critical systems under
the direction of Dr. John Noftsinger will project
CIP onto the national security screen.
Not
by chance, the CIP Project is funded through a
grant administered by the National Institute of
Standards and Technology (NIST) with Virginia Rep.
Frank Wolf as a lead advocate. But it interlocks
with a wider Virginia
effort, too, in which JMU, GMU, Virginia Tech and
Hampton
University
are joined in the Commonwealth Information
Security Center (CISC). CISC is a reciprocal
agreement and technology transfer alliance
designed to support Virginia’s
emergence as a leading provider and beneficiary of
information security services, policies and
products. In recognition of the upside potential
inherent in security risk, the
Commonwealth
of Virginia
seeded CISC with $4 million and attracted another
$5 million plus from the private sector.
Some
political leaders seem to suggest that such
cooperation and collaboration --
multi-institutional, multi-disciplinary, public
and private, across levels of government -- can be
forced as if the centralized, command and control,
hierarchical models that played out in the 15th
century still work best. The world has changed.
Pressure doesn’t always make diamonds. Modern
collaboration must be functional in nature to work
– carefully facilitated, not forced.
For
a state government increasingly lacking resources
to buy a harness, much less a whip, functional
collaboration in which all parties choose to
participate on terms that allow all to benefit is
the only model that will work. The CIP Project
shows that collaborative efforts in Virginia
are working. Attempts to substitute danger, fear
or anxiety for scarce resources will facilitate
neither security nor success.
--
October
20, 2003
|