Passwords will become passé as the military moves toward fingerprint reading, iris scanning and voice recognition as gateways to many of its information and weapon systems. As a result of legislation enacted last year, plans are moving forward to use biometrics for identity verification wherever possible. The goal of the coordinated effort is to shore up information assurance throughout the armed forces by replacing the vulnerable password system with technologies that identify "you as you," according to security experts.
The U.S. government is poised to adopt a new encryption standard that will replace existing ciphers used in secure, nonsecret communications. The algorithm is compatible across a variety of software and hardware applications and in limited-memory environments such as smart cards.
The military is not the only entity that knows information is a powerful weapon. Companies that both develop and depend on communications technologies now recognize that strength increases with numbers and cooperation benefits individual firms and protects overall economic growth. Despite the competitive nature of commerce, information operations have moved from the public to the private sector.
Smart hardware will allow administrators to foil intruders and internal attackers before they can cripple computer systems. The firewall, embedded within a network interface card, creates a tamper-resistant security layer that cannot be subverted or deactivated like traditional software-based defenses. When installed on desktop computers and servers throughout an organization, the cards selectively permit or deny certain types of activities at the department, office or individual levels.
A security management system allows administrators to track computer network threats by providing near-real-time alerts from remote sensors on the network. Software agents, tailored to be expert monitors of specific programs and devices, use rules sets to sift through data before sending reports to a central management engine that tracks and correlates the information. Thousands of potential alerts then are analyzed and reduced to one or two dozen incidents that require immediate attention.
The U.S. Defense Department has established a facility to evaluate and integrate biometric identification systems for military and federal agencies. Charged with multiple responsibilities, this center also serves as a place where government, academia and industry can share their expertise and knowledge.
By Maj. David P. Biros, USAF, and Capt. Todd Eppich, USAF
The U.S. Air Force is researching an information assurance system that incorporates the human factor into protecting data. The system would help analysts charged with monitoring networks identify potential breaches more easily by removing clutter and presenting them with a clear assessment of the danger level.
The U.S. Defense Department is moving ahead with plans to engage Reserve forces further to protect and defend military information systems. The approach takes advantage of available expertise by making it easier for civilian information assurance specialists to put their skills to work for the military.
Balancing function against security may prove to be the tightrope act that determines the future of information assurance. Government and commercial experts are weighing the convenience and capabilities of new technologies against their vulnerability to the burgeoning threat from all corners of cyberspace.
Protecting warfighting information technology systems requires the same situational awareness for networks that battlefield commanders rely on to maneuver forces to outflank and engage an enemy at maximum effective range. Without a near-real-time picture of the U.S. Defense Department's Global Information Grid, the bubble could burst, leaving in question warfighter network defenses.