Feds May Share Security Tech
The Clinton administration is cataloguing what products the government has, in hopes of making some available to industry and agencies
The infotech industry could get access to a cache of government-developed security technology because of an administration plan to catalogue and distribute existing information security technology.
The effort was launched by the White House's information highway security working group, headed by Sally Katzen of the Office of Management and Budget's office of information and regulatory affairs. The working group includes officials from all panels in the White House's National Information Infrastructure Task Force.
The effort could further accelerate transfer of closely held and classified technology now held by government agencies, such as the Defense Department and the National Security Agency. The government has already boosted efforts to convert some information-security technology into new commercial products.
Denis Steinauer, a computer security expert at the National Institute of Standards and Technology, Gaithersburg, Md., said the cataloguing project was prompted by the desire to prevent government agencies reinventing existing technology.
"There is indeed a lot of security technology available in pockets of government" that needs to be shared, Steinauer said.
"We've asked them to look at what they've got and make it available," said another official. The list of items, to be drawn up by government agencies, will include descriptions of each product, he said.
But commercial acceptance of the government's information-security technology depends primarily on the companies' perception of threats to their proprietary financial and technological data, as well as perceptions of government motives, said Dan Wiener, senior information security expert at Unisys' Federal Systems Division, McLean.
Some government efforts to transfer technology have run into roadblocks. For example, the NSA's effort to promote the use of the voice-scrambling Clipper chip has sparked vigorous opposition from civil libertarians, while the FBI only overcame industry opposition to its Digital Telephony Act by winning Congressional approval of a $500 million program to compensate phone companies for the expense of making their networks easier to tap into.
But cooperation between industry and government officials through a variety of forums, such as Katzen's security working group, can successfully foster awareness of the dangers and of valuable information security products, said Weiner.
"We are trying to strive for a common set of security policies [in government] that are easy to understand....that will serve as a giant first step towards a national policy [and] that may be embraced by the private sector," he said.
Other government efforts to promote information security technology include:
- A new short-term effort by the Advanced Research Projects Agency, Arlington, Va., to produce toolkits to help security officials in companies prepare for and react to security threats.
- A longer term-effort by ARPA to develop easily modified technology to protect highly complex nationwide networks.
- A program launched by NIST to improve the technology and security practices used by government officials when working on the Internet.
Among the government-derived products now in the commercial marketplace are the Sign-NSeal network encryption systems developed by J.G. Van Dyke & Associates, Inc., Bethesda, Md., and the Sidewinder Internet-firewall system developed by Secure Computing Corp. of Roseville, Minn.