Forwarded from: William Knowles <wkat_private>

http://www.usatoday.com/life/cyber/tech/2002/03/11/gilligan.htm

03/10/2002 - Updated 11:19 PM ET
By Byron Acohido, USA TODAY

SEATTLE - A top U.S. Air Force official has warned Microsoft to dramatically improve the security of its software or risk losing the Air Force as a customer.

In an interview, Air Force chief information officer John Gilligan revealed he has met with senior Microsoft executives to tell them the Air Force is "raising the bar on our level of expectation" for secure software.

Since being named Air Force CIO in November, Gilligan, who controls a $6 billion-a-year technology budget, also has met with executives from Cisco Systems and delivered a similar message at a handful of industry forums.

"We just can't afford the exposures, and so those who give us better solutions, that's where we're going to put our business," Gilligan says.

Gilligan, former Energy Department CIO, has discussed security most often with executives at Microsoft. "They are the biggest supplier to the Air Force, and my attempt has been to encourage them to set an example," he says.

Reacting to rising criticism from the Air Force and others, Microsoft Chairman Bill Gates in mid-January issued a directive making security the software giant's No. 1 priority. Gates directed 7,000 programmers to spend February scouring the Windows operating system for openings hackers might exploit to steal data or shut down systems.

"This is what our customers expect and demand," says Steve Lipner, Microsoft's director of security assurance. "Message received. We're working night and day on security."

Two years ago, the Love Bug virus "ran rampant" through the Air Force's e-mail system, which runs on Microsoft Exchange software, says Michael Erbschloe, vice president of research at Computer Economics and author of two books on computer security. The Love Bug caused an estimated $8 billion in damages to computer systems worldwide.

Last year, the Code Red virus and Nimda worm, designed to attack Microsoft Internet Information Server software, wrought an estimated $5 billion in damages. Experts now worry that a cyberattack could knock out power, water, transportation and communication systems.

"The military and the government don't really have too much choice at this point except to start to put pressure on Microsoft and others to improve software security," Erbschloe says.

Gilligan blames software makers for historically delivering products with "relatively low-level quality" under the assumption that customers would tolerate fixes to come later. Changing that pattern won't come easy, he says.

"This is not a matter of just one day issuing a policy within a company that says we're going to now pay more attention to security," he says. "There are going to have to be some very specific and significant investments made in changing processes for the future."

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*