During an Information Technology Association of America security workshop, government security officials expressed their concerns about several trends in the security field.
What worries these experts most is the growing number of attacks through applications, especially web applications, now that the security of the underlying systems has greatly improved.
“That concerns me mainly because of the push to e-government. Applications give a ready avenue to our data,” said Patrick Howard of the Housing and Urban Development Department. Howard finds the situation even more troubling, since “this is custom code we're talking about” and as such it cannot simply be patched.
The rationale seems quite obvious: the growing need to share information electronically means a growing number of security issues.
“We tend to trust everyone on the inside and no one on the outside,” said Joe Gerrity of the Securities and Exchange Commission, but he added that “they” don't (and neither should they) trust even those on the inside, sharing with someone who should “supposedly be in the position to do so”. Organizational boundaries are quite unclear at this point, making the risk of attacks greater.
Other officials fear quantum computing, which could “break encryption and all the things we're doing now to protect data.”
Government security experts only wish that “other people” had to comply with FISMA (Federal Information Security Management Act) just as they do. One can hardly blame them: the chance of fully eliminating security risks when inside and outside entities need to interact is rather slim.
Edward Roback of the Treasury Department listed the declining cost of storage, “outsourcing and outshoring” jobs and, last but not least, the incompetence of insiders as factors that may and do compromise privacy and security.