Search

Say the words “security clearance” in a conversation with defense contractors, and the vast majority has a tale to tell of long waits and missed opportunities. Those two words have people in Washington, D.C., talking too. For two years, the organizations in charge of the security clearance process have worked hard to improve it. But for many, the time for revamping the old is over, and the time for creating a new process has begun.

The requirement to protect information and the necessity to share information frequently conflict, but government and industry obligations to do both effectively, efficiently and simultaneously now are connecting these two near opposites. A partnership of companies, both large and small, is combining resources and skills to enable the government to provide information to those who need it while denying access to those who do not.

The convergence of telephone and Internet protocol networks holds great promise, according to industry experts, leading vendors and the press. However, an increasingly converged network also increases the risk factor associated with securing voice and other real-time communication streams. These risks are not limited to Internet-protocol-based networks; traditional time division multiplexing networks also are vulnerable.

Viruses, worms, hackers, spam, disgruntled employees, flawed software, terrorists-cyberspace is rife with danger, but defending information has some pitfalls of its own. Information security specialists are the front-line warriors in this battlespace, and they may be making important decisions about which weapons to use based on misconceptions often promulgated by security product vendors. Industry experts have taken a closer look at some commonly held information assurance beliefs and claim that many are little more than myths.

U.S. government computer scientists are studying how computer grids react to volatile conditions to understand how events such as virus attacks, sudden changes in workload and cyberattacks can affect linked groups of hundreds or thousands of geographically dispersed machines.

Demands to increase information sharing and collaboration among government agencies are creating a growing requirement for easy-to-use security products that facilitate classified communications. Many organizations are now realizing the benefits of videoconferencing; however, information protection in this area generally involves support from communications security-certified personnel, and moving from unclassified to classified conferences requires cumbersome procedures.

People and equipment rise to the occasion when military computer networks are attacked, according to evaluators at a recent U.S. Air Force exercise. A two-week event that tested experts on both native Air Force networks and a simulation range produced some surprises in the capabilities of humans and hardware.

Soldiers assigned to information operations units in the U.S. Army Reserve Information Operations Command are improving their mission readiness for the latest cybersecurity threats with specialized training developed by the Software Engineering Institute at Carnegie Mellon University.

A review of U.S. Defense Department information systems using a code analysis process has found no evidence of deliberate infusion of vulnerabilities into applications, but it has found instances of bad coding practices and programmer shortcuts that have left systems open to attack. The vulnerabilities found would not have been easily detected by an outside source, but they were open doors for an insider who wished to exploit them. The systems were hosted on extremely critical networks where a breach could have catastrophic consequences.

An increasing emphasis on information security is prompting experts in the technology industry to follow the lead of the medical and legal professions, which feature a system of specialties and subspecialties. One major accreditation organization is taking a closer look at the government sector and addressing the distinct circumstances of information security specialists in that arena. Once specific issues are identified, they could affect the certification process as well as influence public policy.