While military combatants continue to fight the war against terrorism on the battlefield, U.S. government officials are stepping up work to protect the borders of cyberspace. Information infrastructure security is such a high priority that government agencies are now required to provide reports on risk assessments, system security needs and security plans before they receive program funding.
The newest U.S. government plan for cybersecurity proposes some short-term remedies while acknowledging that long-term security goals may take years to come to fruition. First published in draft form last fall, the new version establishes a list of priority programs but eschews detailed directives. This changes the thrust of the strategy from an operations manual to a list of guidelines.
People and equipment rise to the occasion when military computer networks are attacked, according to evaluators at a recent U.S. Air Force exercise. A two-week event that tested experts on both native Air Force networks and a simulation range produced some surprises in the capabilities of humans and hardware.
One of the key factors inhibiting the growth of the wireless fidelity market is security. The attractive wireless technology that offers a wide range of applications also is generating a wave of uncertainty about the fidelity of its connectivity.
A review of U.S. Defense Department information systems using a code analysis process has found no evidence of deliberate infusion of vulnerabilities into applications, but it has found instances of bad coding practices and programmer shortcuts that have left systems open to attack. The vulnerabilities found would not have been easily detected by an outside source, but they were open doors for an insider who wished to exploit them. The systems were hosted on extremely critical networks where a breach could have catastrophic consequences.
An increasing emphasis on information security is prompting experts in the technology industry to follow the lead of the medical and legal professions, which feature a system of specialties and subspecialties. One major accreditation organization is taking a closer look at the government sector and addressing the distinct circumstances of information security specialists in that arena. Once specific issues are identified, they could affect the certification process as well as influence public policy.
A software analysis tool allows military and civilian managers of government facilities to evaluate vulnerability to terrorist attacks quickly. Now being installed at all U.S. military installations, the program calculates the risks that a variety of extremist organizations pose to a base or building, taking into account known tactics, methods of attack, preferred weapons and capabilities. This data is converted into graphics and three-dimensional models that can be stored and incorporated into reports.
Soldiers assigned to information operations units in the U.S. Army Reserve Information Operations Command are improving their mission readiness for the latest cybersecurity threats with specialized training developed by the Software Engineering Institute at Carnegie Mellon University.