[ISN] Air Force seeks better security from Microsoft

From: InfoSec News (isnat_private)
Date: Mon Mar 11 2002 - 22:38:49 PST


    Forwarded from: William Knowles <wkat_private>

    03/10/2002 - Updated 11:19 PM ET
    By Byron Acohido, USA TODAY

    SEATTLE - A top U.S. Air Force official has warned Microsoft to
    dramatically improve the security of its software or risk losing the
    Air Force as a customer. In an interview, Air Force chief information
    officer John Gilligan revealed he has met with senior Microsoft
    executives to tell them the Air Force is "raising the bar on our level
    of expectation" for secure software.

    Since being named Air Force CIO in November, Gilligan, who controls a
    $6 billion-a-year technology budget, also has met with executives from
    Cisco Systems and delivered a similar message at a handful of industry
    forums. "We just can't afford the exposures, and so those who give us
    better solutions, that's where we're going to put our business,"
    Gilligan says.

    Gilligan, former Energy Department CIO, has discussed security most
    often with executives at Microsoft. "They are the biggest supplier to
    the Air Force, and my attempt has been to encourage them to set an
    example," he says.

    Reacting to rising criticism from the Air Force and others, Microsoft
    Chairman Bill Gates in mid-January issued a directive making security
    the software giant's No. 1 priority.

    Gates directed 7,000 programmers to spend February scouring the
    Windows operating system for openings hackers might exploit to steal
    data or shut down systems.

    "This is what our customers expect and demand," says Steve Lipner,
    Microsoft's director of security assurance. "Message received. We're
    working night and day on security."

    Two years ago, the Love Bug virus "ran rampant" through the Air
    Force's e-mail system, which runs on Microsoft Exchange software, says
    Michael Erbschloe, vice president of research at Computer Economics
    and author of two books on computer security.

    The Love Bug caused an estimated $8 billion in damages to computer
    systems worldwide. Last year, the Code Red virus and Nimda worm,
    designed to attack Microsoft Internet Information Server software,
    wrought an estimated $5 billion in damages.

    Experts now worry that a cyberattack could knock out power, water,
    transportation and communication systems.

    "The military and the government don't really have too much choice at
    this point except to start to put pressure on Microsoft and others to
    improve software security," Erbschloe says.

    Gilligan blames software makers for historically delivering products
    with "relatively low-level quality" under the assumption that
    customers would tolerate fixes to come later.

    Changing that pattern won't come easy, he says. "This is not a matter
    of just one day issuing a policy within a company that says we're
    going to now pay more attention to security," he says.

    "There are going to have to be some very specific and significant
    investments made in changing processes for the future."

    "Communications without intelligence is noise; Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org

    ISN is currently hosted by Attrition.org
