News

RSA: Users, Not Technology, Are Security's 'Weak Link'

There are a wealth of commercial tools available to help secure networks, but getting them to share information so that administrators have more than a piecemeal picture of their systems can be a challenge.

"We have to depend on interoperability" for cybersecurity, said Christopher Garcia, director of the Transportation Department's Cyber Management Center. "From a defense-in-depth standpoint, it is important to have multiple products and multiple layers of defense."

Garcia was part of a panel of government and industry experts critiquing interoperability at the RSA Security conference. They concluded that it often is not the technology that interferes with interoperability.

"The products themselves are not the weak link," said Richard George, technology director of the National Security Agency's Information Assurance Directorate. "It is the people who are the weak links. It's not always a technical issue. It is also a management issue and sometimes a leadership issue."

A lack of relationships between stovepipe organizations often blocks the exchange of needed information. Other times, it is a lack of knowledge and understanding of the technology.

"The interoperability piece is a difficult piece," said William Billings, chief security officer of Microsoft Federal. "The more I interoperate, it drives the security portion down."

Microsoft participates in an Interop Vendors Alliance that works with other vendors and with customers to identify and address issues of interoperability. But users need to distinguish between an inability of tools to share information with each other and a lack of training for staff, Billings said. The tools often will share the needed data. "The hard part is how to get the IT staff to pull that out."

Interoperability across organizational boundaries can be more of a problem than interoperability between two different products. Each organization tends to consider itself and its needs as unique, requiring special technologies rather than standardized ones.

George called that attitude "the bane of interoperability. You can't have special people with special needs."

That has led to a culture of stovepipe rather than interoperable solutions, he said. "We have a history of making things that are supposed to work together not work together," he said. "History is not on our side. In the modern world, we count on the vendors" to provide off-the-shelf products that will overcome this.

But on the vendor side, the problem of unsupported and incompatible legacy systems is a barrier to interoperability.

Garcia called interoperability with legacy systems "one of the keys to success" in securing systems. Overall, interoperability is getting better, he said. "But legacy is still a problem." Agencies can't keep up with the change of new products and old products that no longer are supported.

Billings said that many new security features cannot be ported to previous versions of tools because there are too many differences between the versions. The Windows XP and Vista operating systems "were built in different ages," he said.

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).

comments powered by Disqus

Featured

  • Customize Your Own Audio Test Cues in Visual Studio 2019 v16.9 Preview 3

    Yes, developers can be alerted to a failed test with a fart sound.

  • Progress Touts New Third-Party Blazor UI Components

    Third-party dev tool specialist Progress announced an update to its .NET-centric offerings, touting new controls for Blazor, Microsoft's red-hot project for creating web apps with C#.

  • Entity Framework Core 6: What Developers Want

    Microsoft outlined its plan for Entity Framework Core 6, which in November will take its place as the data access component of the landmark .NET 6, a long-term support (LTS) release that will mark Microsoft's transition from the Windows-only .NET Framework to an open source, cross-platform umbrella offering of all things .NET.

  • AWS Open Sources .NET Porting Assistant GUI

    After previously open sourcing components of its Porting Assistant for .NET, Amazon Web Services open sourced the tool's GUI.

Upcoming Events