[ISN] Navy says new intranet will upgrade computer security

From: William Knowles (wkat_private)
Date: Thu Jun 28 2001 - 02:08:24 PDT

  • Next message: InfoSec News: "[ISN] How to trace stolen notebooks over the Net"

    By Joshua Dean
    June 27, 2001
    When the Navy Marine Corps Intranet (NMCI) comes online in mid-July,
    the programs entire security infrastructure will be fully operational
    and effective, Navy officials said Tuesday.
    NMCI is the Navys 5-year, $4.1 billion-effort to outsource the
    technology, maintenance and help desk support for over 350,000
    desktops and 200 networks. The Navy awarded the NMCI contract to
    Electronic Data Systems in October 2000.
    Scott Henderson, a systems engineer at the Space and Naval Warfare
    Systems Command, outlined the projects exhaustive approach to security
    at a press conference Tuesday.
    NMCI will use six network operation centers equipped with full-time
    security staffs. These centers will govern all network traffic between
    NMCIs networks and the public Internet.
    The network operation centers will fully isolate the Navy and Marine
    Corps from outside networks, Henderson said. The government has
    outsourced the infrastructure but has retained the authority to run
    the network.
    NMCIs security wont end there. Further monitoring will occur at the
    regional and command level, and every workstation and server will be
    monitored for viruses and outbreaks of malicious code. Under NMCI,
    every Navy and Marine Corps server will be moved to server farms
    managed and protected by the network operation centers, thereby
    limiting access points and reducing security risks.
    Currently, the Navy suffers from differing security capabilities at
    its various commands, said Henderson. NMCI will unite the Navy under a
    single security policy. The Marine Corps already has one.
    The Navy has reason to pay close attention to information security.
    Last year, the Navy tracked 23,662 possible hacking attempts on its
    networks. Thus far in 2001, the Navy knows of 125 successful
    intrusions into its systems. While most of those were aimed at Web
    sites rather than core business systems, the Navy takes each hacking
    incident very seriously, Henderson said.
    Most successful hacks could have been prevented had known
    vulnerabilities been fixed, Henderson said. NMCIs enhanced security
    will make it easier for the Navy to fix known software foul-ups that
    hackers typically take advantage during their exploits. Fixing such
    vulnerabilities should enable the Navy and Marine Corps to focus on
    more advanced information warfare threats, such as those posed by
    foreign states or terrorist groups, said Henderson.
    NMCI will be the largest Defense Department implementation of public
    key infrastructure (PKI), said Henderson. A PKI is used to restrict
    computer access to only authorized users as well as to protect and
    encrypt data traveling over networks.
    EDS stands to earn up to a $10 million performance bonus if Navy and
    Marine Corps official s are satisfied with NMCIs level of security.
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 03:09:09 PDT