http://www.gcn.com/online/vol1_no1/40663-1.html By Patience Wait GCN Staff 05/03/06 SALT LAKE CITY - Information management, and information assurance in particular, may be more mundane than other software topics but it is part of the foundation of all systems, according to Kelly Miller, chief systems engineer of the National Security Agency. "I can't say [IA] has been ignored, but it has been under-emphasized," he said. Miller, speaking to software engineers at the 18th annual Joint Services Systems and Software Technology Conference, adapted a saying of Charles Darwin to make his point. Where Darwin once said the creature that survives is not the smartest or the strongest but the one most adaptable to change, Miller said, "In the Information Age we're faced with, the survivors will be those who have the most assured information." It takes the same skill set to defend networks as to exploit them, he said. But the emphasis is not equal - it only takes one vulnerability to exploit a system, but to protect a system all the vulnerabilities have to be guarded. The global network is a "national interest item," he said. The size of the problem is breathtaking, with 20 million e-mails a minute zipping around the globe and 40 million voicemails left each hour. And supervisory control and data acquisition networks, used throughout the chemical and utilities industries, were developed years before the Internet and never designed to include computer security. The biggest threat is spyware - "the new spam," Miller called it. A recent survey found that 87 percent of business PCs and 88 percent of consumers' computers are infected. With a dearth of skilled professionals to address the challenge, Miller said a national strategy for IA needs to be created and executed. "Our operations, organizations, laws and policies have not kept pace with this changing technology," Miller said. "The current defense is not effective... Not only are we not keeping pace, we're taking a step backwards." _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu May 04 2006 - 01:40:45 PDT