[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] GovNet-Update und Debatte
GovNet: What Is It Good For?
By Michelle Delio
9:30 a.m. Jan. 21, 2002 PST
Security experts are wondering just how many classified, ultra-secure
networks the U.S. government really needs.
Government officials may be wondering about that too, judging by the
generally lukewarm interest in GovNet, intended to be a new secure
network for government agency use.
Federal security experts will be reviewing proposals for the GovNet
this week, but insiders report there is little excitement among the
federal intelligence community for the project.
GovNet is the pet project of Richard Clarke, special assistant to the
president for cyberspace security. Clark pitched the project to
President Bush in October 2001, saying it was necessary to have a
protected, ultra-reliable network through which government agencies
could share information.
But many security experts believe GovNet is a redundancy. They said
identical protected networks are already available for use by federal
agencies, and Clarke's efforts would be better directed at revamping and
revitalizing the existing systems.
"If Clarke is really concerned about improving federal information
systems security, he will move to secure what he's already got deployed,
not go out and fund more problems for himself," said Richard Forno,
chief technology officer at security firm Shadowlogic.
"He should take the GovNet money and fix the existing problems; put in
newer, more secure software and operating systems; train the IT staffs
and agency managers on how to work in an information-based society and
enterprise; and develop a government-wide IT infrastructure that can
truly be called 'assured,' 'secured' and 'trusted.'
"Unfortunately, he's going down the all-too-familiar U.S. government
path of creating a new rice bowl (fiefdom) to hide from the problems of
the real world," Forno said. "That's what GovNet is, a diversionary
measure intended to escape the existing problems in the federal IT
One of the government's existing secure networks, Intelink, has
recently gotten a new lease on life, according to government
intelligence workers who spoke last week at the Federal Convention on
Emerging Technologies in Las Vegas.
Intelink went online in late 1994, but the network didn't have many
users until recently, according to William Spalding, chief of the
applications group under the Intelligence Community Chief Information
Office Executive Board.
Spalding said hundreds of users are now accessing Intelink and using
the network to share intelligence news intended to combat terrorism.
Spalding noted that there simply was no "burning need" that would
inspire people to use Intelink before the Sept. 11 attacks, when the
network was mostly populated by computer aficionados.
Intelink runs off dedicated Defense Department servers and has no
links to the Internet.
"Intelink was started in 1994 with COTS (commercial off-the-shelf)
products such as the Mosaic browser," said William Wall, previous
security engineer at the Air Force Information Warfare Center and Air
Intelligence Agency. "It was to be used only between the intelligence
community -- the FBI, CIA, DEA, NSA -- and since it's not had heavy use,
it may well be obsolete now."
Spalding said that work is underway to secure Intelink even further,
and to develop new policies for its use. It still has not been
established whether state and local agencies should be allowed to access
the network and who will have complete or limited access to the
information stored on Intelink.
Wall, now chief security engineer at Harris Corporation's STAT
computer security division, said that GovNet does not have a
"When I first heard about it, I was very curious whether it would
replace current systems in place, such as Intelink, Siprnet and Niprnet,
or supplement them. Siprnet is completely classified and completely
Other experts also wondered why Clarke wants to reinvent the wheel,
when protected networks are already up, running and available.
"Clarke's call for GovNet just fell off the OHS radar for some
reason," Rob Rosenberger of Vmyths said. "It didn't exactly 'go away'
per se -- it just lost its inertia. I don't know why. If I had to make a
guess, I'd look to see if Clarke got a mouthful from the guys who manage
GovNet is not quite dead yet. More than 170 proposals have been
received from vendors who want to be involved in the networks creation.
Federal security experts will review the proposals this week and
submit a report to Clarke's office in early February. An independent
evaluation of the proposed network will be performed by Carnegie Mellon
University's Software Engineering Institute.
Once the reports have been analyzed, government officials will decide
whether GovNet is a go. Clarke, speaking at the Business Software
Alliance's Global Tech Summit in Washington in December, said that
despite his hopes the network will become a reality, GovNet may never
get off the ground.
Forrester Research released a report in October saying that GovNet was
a "pipe dream" that "simply won't work" due to the complexity of the
Clarke's outline for GovNet called for a massive, completely private
Intranet for government agencies and authorized users. The network would
have voice and video capabilities; be completely protected from outages,
hack attacks and viruses; and be able to carry highly classified data
Clarke's plans also called for GovNet to be operational six months
after awarding the contract to vendors, with more sophisticated
capacities coming online within a year.
Security experts said the timeline is impossible to meet.
"The RFI (Request for Information) notice gave vendors one month to
propose a turnkey solution for an NSA-approved classified Intranet with
video- and voice-over-IP, for all U.S. government offices, with a
six-month IOC window," Rosenberg said. "The RFI is unachievable --
unless you propose Intelink."
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.