IT Pros Tackle Complex Homeland Security Scenarios

The network sophistication required to support prevention and recovery scenarios for nuclear and radiological attacks, biological and chemical weapon detonations, municipal sabotage and digital assaults from cyberspace can leave IT professionals mired in--or paralyzed by--unnecessary complexity.

That was the consensus of industry representatives speaking on Tuesday at the Association of Information Technology Professionals' (AITP) meeting, which addressed homeland security and other issues.

Speakers at the AITP event said that instead of being intimidated by such challenges, IT professionals must step up to post-Sept. 11 security requirements by pushing for integrated solutions, common standards, reliable data backup, and more simplicity in implementation and management.

For example, deploying a technology solution for purposes related to the U.S. Department of Homeland Security (DHS) should be done in the same way that an IT administrator would add a server to a remote office, reflecting current practices within a company's IT infrastructure, said Dr. Ronald Pirich, director of chemical, biological, nuclear and radiological warfare defense at Northrop Grumman's Integrated Systems Technology Development Center in Los Angeles.

"You have to intelligently integrate solutions into the existing environment. If you just keep using point solutions, it will bankrupt you," Pirich said.Northrop Grumman, a major government contractor, provided the safe mail-handling equipment used by the U.S. Postal Service during the 2001 anthrax attacks, Pirich said. But even if an IT department budgets for a point solution, it should continue to consider how new security technology can add value to the overall network, he noted.

"It's a matter of intelligent information awareness. You can actually provide real ROI if you think in terms of the existing infrastructure, like security alert systems or networking that also helps save lives during hurricanes," Pirich said.

Clare Cunniffe, director of security solutions at software vendor Computer Associates International, Islandia, N.Y., has worked with state and local governments on DHS initiatives. Although it's challenging to network systems from local areas to the 23 different agencies that make up the DHS, the task can become intimidating if one loses sight of the basics, she said.

"You have 23 government agencies, and then you put on top of that state and local governments and the private sector--transit, identification and credit-card tracking. How do you pull all of that together and correlate it so it makes sense?" Cunniffe said. "Well, it's like the move from the mainframe to distributed computing. It's all about protection and control. Assess vulnerability, respond and recover if something happens."

Waiting until a particular security solution is absolutely perfect can be a big mistake, said Ray Donnelly, director of business development for homeland security at the Command Systems Division of Telephonics, Farmingdale, N.Y. "[IT] tends to wait until we have an all-singing-and-dancing solution, whereas in India, for example, if they have something they deploy it," he said. "Under the current threats, we can't wait, either."Keeping the noise down also is key. Using technology that assesses whether a security alert or alarm is a critical threat to a network can help companies avoid "security information overload," said Sheri Mason, director of marketing at CA.

"Systems can generate one, five, 10 million security events a day. So we don't need security technology that creates events. We need technology that reduces them," Mason said. "Otherwise, we're running after false alarms and possibly missing real ones."

Mike Furey, special assistant to the associate lab director at Brookhaven National Laboratory, Upton, N.Y., illustrated the sobering reality of the current geopolitical climate. "We are now testing radiation sources in moving vehicles to see the limits of current technology, and the makers of that technology need to raise the bar," Furey said.

But CA's Cunniffe best explained the sound logic of simplicity in IT security. "Every person is generally involved with homeland security because our companies are the backbone of the overall economy," she said. "Nobody owns the Internet, but if everyone protected their assets, we'd be closer to the ultimate goal."