News

RSA: Users, Not Technology, Are Security's 'Weak Link'

There are a wealth of commercial tools available to help secure networks, but getting them to share information so that administrators have more than a piecemeal picture of their systems can be a challenge.

"We have to depend on interoperability" for cybersecurity, said Christopher Garcia, director of the Transportation Department's Cyber Management Center. "From a defense-in-depth standpoint, it is important to have multiple products and multiple layers of defense."

Garcia was part of a panel of government and industry experts critiquing interoperability at the RSA Security conference. They concluded that it often is not the technology that interferes with interoperability.

"The products themselves are not the weak link," said Richard George, technology director of the National Security Agency's Information Assurance Directorate. "It is the people who are the weak links. It's not always a technical issue. It is also a management issue and sometimes a leadership issue."

A lack of relationships between stovepipe organizations often blocks the exchange of needed information. Other times, it is a lack of knowledge and understanding of the technology.

"The interoperability piece is a difficult piece," said William Billings, chief security officer of Microsoft Federal. "The more I interoperate, it drives the security portion down."

Microsoft participates in an Interop Vendors Alliance that works with other vendors and with customers to identify and address issues of interoperability. But users need to distinguish between an inability of tools to share information with each other and a lack of training for staff, Billings said. The tools often will share the needed data. "The hard part is how to get the IT staff to pull that out."

Interoperability across organizational boundaries can be more of a problem than interoperability between two different products. Each organization tends to consider itself and its needs as unique, requiring special technologies rather than standardized ones.

George called that attitude "the bane of interoperability. You can't have special people with special needs."

That has led to a culture of stovepipe rather than interoperable solutions, he said. "We have a history of making things that are supposed to work together not work together," he said. "History is not on our side. In the modern world, we count on the vendors" to provide off-the-shelf products that will overcome this.

But on the vendor side, the problem of unsupported and incompatible legacy systems is a barrier to interoperability.

Garcia called interoperability with legacy systems "one of the keys to success" in securing systems. Overall, interoperability is getting better, he said. "But legacy is still a problem." Agencies can't keep up with the change of new products and old products that no longer are supported.

Billings said that many new security features cannot be ported to previous versions of tools because there are too many differences between the versions. The Windows XP and Vista operating systems "were built in different ages," he said.

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.