[ISN] Info. assurance a matter of survival

From: InfoSec News (isn@private)
Date: Thu May 04 2006 - 01:16:56 PDT


By Patience Wait
GCN Staff

SALT LAKE CITY - Information management, and information assurance in
particular, may be more mundane than other software topics but it is
part of the foundation of all systems, according to Kelly Miller,
chief systems engineer of the National Security Agency.

"I can't say [IA] has been ignored, but it has been under-emphasized,"  
he said.

Miller, speaking to software engineers at the 18th annual Joint
Services Systems and Software Technology Conference, adapted a saying
of Charles Darwin to make his point. Where Darwin once said the
creature that survives is not the smartest or the strongest but the
one most adaptable to change, Miller said, "In the Information Age
we're faced with, the survivors will be those who have the most
assured information."

It takes the same skill set to defend networks as to exploit them, he
said. But the emphasis is not equal - it only takes one vulnerability
to exploit a system, but to protect a system all the vulnerabilities
have to be guarded.

The global network is a "national interest item," he said. The size of
the problem is breathtaking, with 20 million e-mails a minute zipping
around the globe and 40 million voicemails left each hour. And
supervisory control and data acquisition networks, used throughout the
chemical and utilities industries, were developed years before the
Internet and never designed to include computer security.

The biggest threat is spyware - "the new spam," Miller called it. A
recent survey found that 87 percent of business PCs and 88 percent of
consumers' computers are infected.

With a dearth of skilled professionals to address the challenge,
Miller said a national strategy for IA needs to be created and

"Our operations, organizations, laws and policies have not kept pace
with this changing technology," Miller said. "The current defense is
not effective... Not only are we not keeping pace, we're taking a step

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Thu May 04 2006 - 01:40:45 PDT