News

RSA: Users, Not Technology, Are Security's 'Weak Link'

There are a wealth of commercial tools available to help secure networks, but getting them to share information so that administrators have more than a piecemeal picture of their systems can be a challenge.

"We have to depend on interoperability" for cybersecurity, said Christopher Garcia, director of the Transportation Department's Cyber Management Center. "From a defense-in-depth standpoint, it is important to have multiple products and multiple layers of defense."

Garcia was part of a panel of government and industry experts critiquing interoperability at the RSA Security conference. They concluded that it often is not the technology that interferes with interoperability.

"The products themselves are not the weak link," said Richard George, technology director of the National Security Agency's Information Assurance Directorate. "It is the people who are the weak links. It's not always a technical issue. It is also a management issue and sometimes a leadership issue."

A lack of relationships between stovepipe organizations often blocks the exchange of needed information. Other times, it is a lack of knowledge and understanding of the technology.

"The interoperability piece is a difficult piece," said William Billings, chief security officer of Microsoft Federal. "The more I interoperate, it drives the security portion down."

Microsoft participates in an Interop Vendors Alliance that works with other vendors and with customers to identify and address issues of interoperability. But users need to distinguish between an inability of tools to share information with each other and a lack of training for staff, Billings said. The tools often will share the needed data. "The hard part is how to get the IT staff to pull that out."

Interoperability across organizational boundaries can be more of a problem than interoperability between two different products. Each organization tends to consider itself and its needs as unique, requiring special technologies rather than standardized ones.

George called that attitude "the bane of interoperability. You can't have special people with special needs."

That has led to a culture of stovepipe rather than interoperable solutions, he said. "We have a history of making things that are supposed to work together not work together," he said. "History is not on our side. In the modern world, we count on the vendors" to provide off-the-shelf products that will overcome this.

But on the vendor side, the problem of unsupported and incompatible legacy systems is a barrier to interoperability.

Garcia called interoperability with legacy systems "one of the keys to success" in securing systems. Overall, interoperability is getting better, he said. "But legacy is still a problem." Agencies can't keep up with the change of new products and old products that no longer are supported.

Billings said that many new security features cannot be ported to previous versions of tools because there are too many differences between the versions. The Windows XP and Vista operating systems "were built in different ages," he said.

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.