Solving Security, Together

By Lisa Vaas  |  Posted 2006-09-04 Print this article Print

Opinion: Both the government and enterprises have crucial roles to play to keep our infrastructure secure.

The day we were writing this editorial, we couldnt help but notice news reports that intruders had busted into a liquefied natural gas facility a few miles south of eWEEKs Woburn, Mass., editorial office. KeySpan Energy didnt catch the breach until five days after it happened because officials failed, until then, to review a surveillance tape that captured the incident. Oops.

OK, so we know the nations chain-link-fence protection isnt so hot—all you need is a pair of wire clippers. But what about the cyber-protection of the IT systems that back up our national infrastructure?

If youve read Senior Writer Chris Preimesbergers cover story, you already know that he hooked up with Sandia National Labs Information Design Assurance Red Teams. The Red Teams have been finding all kinds of vulnerabilities: in the power grid, water supply, government and military systems, municipal systems, prisons, and on and on. This doesnt merely raise issues about the public sector and its attention to cyber-security in these post-9/11 years. As pointed out to us by John Clem, program manager for the Red Teams, one key for improving security associated with critical infrastructure systems is strong partnerships between government and industry.

Sandias Red Teams are in a race to plug security holes in U.S. infrastructure. Click here to read more. One thing the Red Teams have found (and enterprises already know all too well) is that security, unfortunately, is not inherent in existing systems nor necessarily in systems being developed and deployed today.

Although "information superhighway" is, in many ways, a bad metaphor, its not completely wrong. Vehicles on a real-life highway can be properly maintained and carefully driven, but poor design and shoddy maintenance of roads will still make driving dangerous for all. Likewise, global choices of protocol (IPv4 versus the far more securable IPv6) and policy (the badly conceived European Parliament Convention on Cybercrime) create an environment in which individual participants in the worldwide Net have to spend too much money and time for little real protection.

Its the proper role of national governments to sponsor the research and create the investment incentives that make things better across the board. Its the proper role of management at major enterprises to speak with a clear and coherent voice about that government role and to make their best people available to support it.

Not only that, its up to enterprises to take the advice that Clem would give them: Be proactive in identifying opportunities to partner with other institutions so that domain expertise can be shared. Be proactive in identifying sufficient budgets for IT departments. Enterprises also should take responsibility for process control systems so they can assess their level of security and integrate security into every phase of system life cycles. Finally, engage in a continual cycle of assessment and improvement.

Tell us what you think at

eWEEKs Editorial Board consists of Jason Brooks, Larry Dignan, Stan Gibson, Scot Petersen and Lisa Vaas.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.
Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel