Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] DOD: Systems need more protection,

DOD: Systems need more protection
BY Matthew French
July 28, 2003 	
The Defense Department must do more to guard against cyber threats, said
Robert Lentz, the department's director of information assurance.

"As our dependence on information networks increases, it creates new
vulnerabilities, as adversaries develop new ways of attacking and
disrupting U.S. forces," he said. "Everyone must be made aware of his or
her role in assuring the nation's information."

Lentz, speaking late last week to a House Subcommittee on terrorism,
unconventional threats and capabilities, said that in recent years the
department has become more reliant on off-the-shelf products proven in
the commercial world. But some experts said that off-the-shelf code can
require frequent security patches because holes repeatedly emerge in
commercial code. And off-the-shelf software mainly comes from people
with no security clearance or workers in other countries.

Foreign labor "has been wonderful for the economy," said Eugene
Spafford, a Purdue University professor and director of the school's
Center for Education and Research and Information Assurance and
Security. "But it has introduced tremendous vulnerability to our

Much of the commercial software used by defense agencies was never meant
for use in a military environment, or subjected to the ferocity of
attacks often seen by defense networks. Last year alone the department
defended itself against 50,000 attack attempts to gain access to the
network, Lentz said.

Robert Dacey, director of the General Accounting Office's technology
team, credited DOD with being one of the most advanced agencies for
information assurance. However, a GAO report released last week said the
department lacks policies needed to tightly guard data and ways to
enforce the policies it does have. Although the department has an
Information Assurance Program, officials don't have a way to measure
compliance with the government's security policies, according to the

Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.