Officials from the U.S. National Security Agency (NSA) and other government groups said Monday that they need to take more of a role in protecting cyberspace from outside attacks — even though huge portions of the American economy are now operating on secure information networks held by the private sector.
Speaking at the National Information Systems Security Conference taking place this week in Baltimore, Maryland, Air Force Lt. Gen. Michael Hayden described information as “a place where we must ensure American security as surely as land, sea, air and space.”
Hayden added that he sees a role for the government in helping to evaluate the security features of commercial software programs, comparing the evolving relationship to the one that currently exists between the Air Force and the U.S. aviation industry.
In Hayden’s words, the federal government needs to become the “security statement” for private industry.
Partnership for Government Applications
Other speakers said that too often, commercial software programs do not meet the security standards necessary to make them viable for government use.
“It is going to be very, very difficult to design security into systems after the fact,” said David Farber, chief technology officer for the Federal Communications Commission (FCC). “This is an opportune time to architect security into systems.”
William Mehuron, director of the Department of Commerce’s National Institute of Standards and Technology, said that “much of the software now available has not had security as a priority and we are now going through a tremendous catch-up game.”
According to Mehuron, consumers — including those within the government — need to support these efforts to catch up with their dollars.
“Too many times in the past, there have been concerted efforts among vendors to come up with products that have strong security, only to have those vendors dismayed by users who were then not willing to pay increased prices for those products or put up with the systems degradation issues that come along with them,” he said.
Hayden said that the government, specifically the NSA, also wants to play a defensive role for America’s private computer networks, especially against attacks by “cyber terrorists, a malicious hacker or even a non-malicious hacker.”
Other agencies, such as the Central Intelligence Agency and the National Infrastructure Protection Center of the Federal Bureau of Investigation (FBI) have similar goals.
The NSA, Hayden noted, has been at the forefront of developing security technologies such as iris scanners and fingerprint and voice recognition software.
“We’ve done pioneering work to better protect e-commerce,” said Hayden.
A further concern highlighted at the conference is that in future military conflicts, foreign governments in a dispute with the United States would seek not just to strike military targets, but civilian, electronic ones as well.
During the NATO campaign against Serbia last year, U.S. officials revealed that they had attempted, on a limited scale, to disrupt the enemy’s computer networks.