February 2001
By Christian B. Sheehy

An internal software application picks up where external monitoring leaves off.

Advances in computer network security are empowering network-dependent organizations to address the sobering fact that a majority of threats to proprietary information today originate within the pool of authorized users. A new off-the-shelf software application that monitors the flow of data through a network enables organizations to counter internal threats to sensitive information by identifying the source of a violation. The U.S. Defense Department is exploring the software as a way to address its security concerns.

August 1999
By Henry S. Kenyon

New software under development employs case-based reasoning and intelligent agents to adapt to and defend computer networks.

Software designers are applying artificial intelligence principles to new computer security systems. These tools and protocols create the potential for agile software capable of quickly identifying and responding to new threats.

Recent cyberattacks on major corporate and government computer networks and World Wide Web sites continue to prove that the Internet can be a rough neighborhood. But choosing the appropriate level of response to attacks and probes still presents a conundrum.

August 1999
By Maryann Lawlor

Public key infrastructure unlocks the door to secure transactions on Internet avenues.

The company that created the secure sockets layer to manage network message transmission security, and today opens the Internet to tens of millions of people around the world, is now collaborating with the U.S. Defense Department to secure cyberspace communications and transactions.

August 1999
By Robert K. Ackerman

Government will support and enable security efforts, but industry must lead in protection against hostile acts.

The greatest threat to U.S. security may come from internal software or hardware trapdoors lying dormant in the nation’s critical infrastructure. The digital equivalent of Cold War moles, these hidden threats would serve as access points for criminals, terrorists or hostile governments to extort money, impel foreign policy appeasement or ultimately launch crippling information attacks on the United States.

August 1999
By Maryann Lawlor

Dot-sized security mechanism throws a wrench in wheels of hacker breach attempts.

The mechanical principles that protect personal belongings inside a high school locker may hold the key to guarding digital assets. Creators of a miniature combination lock, which consists of six gears that together are the size of a shirt button, believe the device guarantees that systems can be shielded from invasions with a one-in-a-million chance that an intruder can break the code.

October 1999
By Michelle L. Hankins

Scientists lay groundwork that offers security to unclassified systems.

Researchers at the Department of Energy’s Sandia National Laboratories have developed a new encryption device that promises the security and bandwidth accommodation necessary to scramble various types of data at speeds unmatched by many other encryption technologies.

November 1999
By Henry S. Kenyon

New language aids network intrusion detection and response applications.

Researchers are developing a programming language that enables different computer intrusion detection and response applications to communicate with each other, offering users a more complete defense against cyberattacks. The goal of the common intrusion detection framework is to allow interoperability among the variety of security components that reside on a single network.

December 1999
By Michelle L. Hankins

Ultimate goal is to store data from different classification levels separately but enable viewing them concurrently.

Researchers at Sandia National Laboratories are developing an architecture to eliminate threats to thin-client computer networks. These networks rely on applications servers to drive desktop workstations. Coupling security elements that will evolve from their work with commercial technology, the scientists hope to create a computing environment that offers increased flexibility and accessibility for network users without compromising security.

February 2000
By Tim Bass

Experience gained from battlefields helps military prepare information operations defenses.

Future military cyberspace security may require next-generation network management and intrusion detection systems that combine both short-term sensor information and long-term knowledge databases to provide decision-support systems and cyberspace command and control. Sophisticated computer hardware and software would identify a myriad of objects against a noise-saturated environment. Cyberspace command and control systems would track the objects, calculate the velocity, estimate the projected threats, and furnish other critical decision-support functions.

April 2000
By Clarence A. Robinson, Jr.

National Security Agency promotes information technology trials through protection profiles, flexible common criteria.

Uncertainty surrounding a patchwork of commercial information security products hurriedly placed in use on U.S. Defense Department computers and networks is reshaping policy. Successful test and evaluation of these products in specified laboratories will soon become a prerequisite for procurement by military services and defense agencies.

April 2000
By Michelle L. Hankins

Establishing internal and external guidelines remains top priority in network assurance.

To protect information systems from security breeches, organizations increasingly are embracing a comprehensive strategy that relies on both technology and enforced policies. Meanwhile, the legal system has been hard pressed to keep pace with information system protection issues, leaving many questions unanswered about how far businesses may go to protect their systems.

May 2000
By Roger Black

National Security Agency designs data protection to open options for traveling decision makers.

The adoption of networked systems and the prevalence of Internet use have created the potential for unauthorized access to critical data. U.S. Defense Department officials believe that uncontrolled Internet connections pose a significant and unacceptable threat to all of their information systems and operations. Ensuring secure transmissions and the authenticity of data while allowing users to connect from remote locations requires high levels of security.

April 2005
By David L. Fraley Jr.

Expectations for new capabilities tend to peak soon after a need is identified then fall significantly as soon as the challenges are identified.

Integration of new and legacy communications technologies demands safeguards.

June 2000
By Robert K. Ackerman

Sophisticated telecommunications cryptography once limited to desktop telephones now available in portable, lightweight units.

The communications sanctity inherent in secure telephone units is migrating into the cellular arena with a new generation of handheld devices no larger than conventional commercial mobile telephones. These telephones are designed to provide high-level government and military secure cellular communications while also being able to serve the commercial arena.

August 2000
By Christian B. Sheehy

Federal agency, company team up to detect, track and negate network system attacks across multiple boundaries.

Protecting the average business computer from a barrage of malicious network intrusions is high on the priority list of many of today’s World Wide Web-based organizations. In a move to step up research in network security technology, the U.S. Navy is contracting out a three-year effort to pursue security systems development.

August 2000
By Henry S. Kenyon

Lack of cohesive planning, overemphasis on perimeter security leaves networks vulnerable to intruders via ignored pathways.

Threats to government and private sector computer systems continue to evolve in new and unexpected ways. These challenges come from a variety of groups such as hackers, terrorists and, increasingly, radical political and social activists.

August 2000
By Robert K. Ackerman

As Internet access and machines for the masses are proliferating, cybercriminals and their threats are increasing geometrically.

The spread of information and networking technology into virtually all corners of the globe is spawning new opportunities for criminals and terrorists to wreak havoc through the Internet. The dichotomy of system complexity and ease of individual use has created a target-rich environment across the entire realm of cyberspace.

February 2005
By Maryann Lawlor

Analysts warn organizations not to buy into scuttlebutt.

Viruses, worms, hackers, spam, disgruntled employees, flawed software, terrorists—cyberspace is rife with danger, but defending information has some pitfalls of its own. Information security specialists are the front-line warriors in this battlespace, and they may be making important decisions about which weapons to use based on misconceptions often promulgated by security product vendors. Industry experts have taken a closer look at some commonly held information assurance beliefs and claim that many are little more than myths.

January 2001
By Henry S. Kenyon

Cyberwarfare blurs rules of engagement.

Rapid technological change is a double-edged sword. The latest developments that allow faster computing and increased data flow also put critical national infrastructures within reach of any potential adversary with a modem.

As increasingly sophisticated information sharing systems are adopted, software flaws or a lack of built-in security measures and procedures in commercial networks create new avenues for attack. This specter of a digital Pearl Harbor is driving multilateral information assurance initiatives between the United States and its allies.

March 2001
By Maryann Lawlor

… and so do the Fingertips as biometrics evolves.

Passwords will become passé as the military moves toward fingerprint reading, iris scanning and voice recognition as gateways to many of its information and weapon systems. As a result of legislation enacted last year, plans are moving forward to use biometrics for identity verification wherever possible. The goal of the coordinated effort is to shore up information assurance throughout the armed forces by replacing the vulnerable password system with technologies that identify “you as you,” according to security experts.