Amoroso: Putnam amendment deserves a look
Rather than centralizing patch management, officials should consider centralizing some network security functions, says AT&T's CIO.
Government network security managers are patching holes as fast as they can, but assaults from malicious, highly sophisticated hackers are relentless. Hackers unleashed 959 new viruses on the Internet in May. That's a lot of patching, and administrators at some agencies are barely keeping up.
The root of the problem is bug-filled software that worms can exploit, and the solution is nothing less than a wholesale reform of the software industry. Let's assume that's not going to happen any time soon.
In the meantime, information technology administrators at government agencies have come to rely on patching. A Government Accountability Office official recently testified on Capitol Hill that the answer to the overwhelming assault from hackers is to offer a governmentwide patch management service for civilian agencies. The official said such a service would be less expensive than the government's current piecemeal approach. It's not a bad approach, but I believe there's a better way.
First, let's remember how we got here. Back in the dot-com era of the late 1990s, the proponents of "dumb" networks argued for putting all of the intelligence and security in the endpoints. Unfortunately, that led to the waves of cybersecurity attacks we now face. The dumb network trend went too far. Responsibility for security was distributed too widely, making it extremely difficult to keep many edge devices protected. It's time to swing the pendulum back.
Rather than centralizing patch management, officials should consider centralizing some network security functions. In an era when everything is networked, the network is truly the best front line for security.
Based on work at AT&T, we've learned it's possible to spot unusual network patterns and security threats on our IP backbone well before attacks occur. Contrary to popular belief, worms don't appear out of the blue. Failed worm attacks can be spotted days or weeks before a successful attack. By sampling the ocean of public Internet data that crosses our network daily — about 1.3 petabytes, or 1.3 quadrillion bytes — we can monitor and track unusual traffic patterns that could be the early stages of an attack. Our sampling allows us to see patterns of failed attempts, and we can then take steps to protect our networks and those of our customers.
I like the analogy Rep. Tom Davis (R-Va.) used to compare cyberattacks to the fall of ancient Rome. The Romans built roads throughout the empire, but barbarians used the roads to attack and bring down Rome.
Agency administrators surely don't want their networks to be the modern equivalent of the unprotected Roman roads. As they increasingly rely on networking to meet agency missions, they can't afford to have the networks come under attack.
Cybersecurity should become a key consideration for anyone procuring networking. That's why we believe Rep. Adam Putnam's (R-Fla.) recently proposed amendment to the Clinger-Cohen Act — which requires agencies to include information security in their buying decisions — deserves close scrutiny.
Rushing to install the latest patch is one option. But it's time to consider the network as the tool for ultimate protection. Agencies should be attacking the cyberattackers for a change.
Amoroso is the chief information security officer at AT&T.
NEXT STORY: Unisys wins HHS e-mail deal