 | |
| |
TechnologyDaily Mobile
Firms Innovate To Boost Cyber Security
by Heather Greenfield
When one of Sun Microsystems' vice presidents travels around the world, she does not lug a laptop through the airport security. She carries a smart card that can plug into any Sun workstation at her destination.
Piper Cole, a top executive in charge of global public policy for the firm, said in addition to a quicker trip through airport security, the data is more secure because it stays where it is and is only accessed with the "Sun Ray" card when she needs it.
"Just as no one would steal your TV to get at the programming, no one would steal Sun Rays to get to your data," Cole said.
Government Could Use Innovation As Model
It is an idea that could gain some attention as federal agencies including the Veterans Administration, Agriculture and Energy departments and the Internal Revenue Service report security breaches.
The Defense Department already deploys similar cards. Other companies offer products in which the data does not reside in the computer, but a common server. It saves on software costs, network engineer salaries and power bills.
"You can do it. What it requires is a lot of bandwidth and secure bandwidth," said Richard Clarke, a security adviser to presidents Clinton and Bush.
Clarke favors a four-step approach to improve security. He advocates methods to remotely shut down a laptop, encrypt data, secure cards to access a network remotely, and include a security system that travels with a file called enterprise rights management.
Microsoft and Adobe make products enabling a document's creator to decide who has the right to see, print, change and e-mail a file. Clarke prefers a product by start-up Liquid Machines that is useable with a greater variety of document types.
Lawmakers Push For Off-Site Expansion
The interest in finding secure ways to work remotely is critical to members of Congress who worry security crackdowns will take federal agencies in the opposite direction when it comes to another critical function -- continuing operations in an emergency.
"Security is not the issue because the technologies are out there today," said Paul Kurtz, executive director of the Cyber Security Industry Alliance.
Kurtz said when he works remotely he uses an IBM Thinkpad laptop with a biometric device so that only he can use it. It is one of two authentication devices he uses for security. He said private companies are transitioning to work sites accessed over the Web. Tools are then used to verify the user.
Telework is so prevalent in private companies like Cisco Systems and Sun Microsystems that employees are not assigned desks when they choose to work at a company office. They select an empty desk, log on to the system and their calls are forwarded to their work site.
Cole said Sun has saved $250 million in real estate over the life of the program because of the reduced need for office space.
At a Veterans Affairs oversight hearing after the security breach at least one member of Congress said telework should stop until security improves.
Veterans Affairs Secretary James Nicholson said only doctors who need to keep in touch with patients are allowed to work from home while the agency undergoes a security review in which every laptop is checked and data that is required to be encrypted is encrypted.
"I respect the VA for doing that as long as it's a short-term action," Kurtz said. "We have to make sure we don't inhibit working from remote locations. We can't step back in time to a brick and mortar mentality. It would be a knee-jerk reaction."
Telework In The Spotlight
Stopping telework programs and blaming security lapses is not an answer for House Government Reform Chairman Tom Davis, R-Va.
Davis' committee has conducted separate oversight hearings on security breaches at the federal agencies and the need for increased telework programs.
"The last thing you want to say is everyone has to work in the office," Davis said in an interview with Technology Daily. "There's no reason you can't have a secure workplace at home."
"I understand why if this guy hadn't taken this information home, it wouldn't have been stolen," Davis said. But he called that a management problem -- not a telework problem.
Davis said the need to continue government operations in a disaster is so critical that putting telework on hold while agencies shop for encryption and other security products could potentially be disastrous. He also wants security improvements to move forward just as quickly.
Davis said managers tend to focus on getting an agency's missions accomplished and security becomes secondary. He said he hopes the government does not "have to go through a cyber Pearl Harbor" before security is given the attention it needs.
As for where Congress should step in to make sure security is improved and telework increases, additional oversight hearings are planned. Some lawmakers are considering whether the Federal Information Management Security Act needs to be strengthened.
Davis, whose committee grades the federal agencies each year based on FISMA compliance, said the VA, Homeland Security and Defense departments each earned an "F" this past year.
He said it shows there are even security concerns at the office. The Energy Department told lawmakers at a recent hearing it faces 100,000 hacking attempts each day.
Davis said one idea may be to earmark money for security improvements.
Kurtz, meanwhile, would like to see Congress pass comprehensive legislation that sets a nationwide standard on how to best protect personal information no matter where it rests.
"Let's not separate sensitive personal information on government systems from that outside government systems," Kurtz said.
He also points out that Congress or the federal agencies need to ensure their chief information officers have the authority to implement policy across agencies.
"When you look at the agencies, you're seeing CIOs really don't have the power to enforce policy," Kurtz said. "They're IT guys."
As for telework, Davis said, "we are likely to push for telework through the appropriations process." In other words, agencies may face budget penalties if they do not show increases in telework.
As Cole sees it, agencies could solve several issues at once -- security, telework and even improve energy usage, depending how they improve cyber security. But that requires looking at the bigger picture.
New Cyber Approaches Curb Energy Use
A big picture approach is a challenge within companies with different departments and Congress when issues are divided along lines of committee jurisdiction.
"Lots of companies have someone in charge of energy usage, but they don't talk to the CIO," Cole said.
Cole said the biggest gain with her security system may be the energy savings. About 40 percent of Sun's 37,000 employees use Sun Ray cards. Over the past year, the company saved $4 million in energy costs.
The simpler computers that interface with the Sun cards use 4 watts of power versus 180 watts for a personal computer.
"The number one or two cost after payroll is energy," Cole said.
While Congress considers ways to boost the use of alternative energy, Cole said government is often silent when it comes to addressing demand.
"If we can lower the demand, we're also going to gain on global warming and energy usage," Cole said.
NEW FEATURE
-Advertisement-
-Advertisement-
-Advertisement-
