Microsoft steers toward security

PDD 63

At a time when most government agencies are running critical services on at least one of Microsoft Corp.'s products, company chairman Bill Gates sent out a challenge to his firm Jan. 15 to make its operating systems and software more secure, reliable and privacy-oriented.

In a Jan. 15 e-mail to all Microsoft employees, Gates outlined the company's new philosophy of "Trustworthy Computing" and delivered the message that the reliability of Microsoft's .Net platform "is more important that any other part of our work."

The .Net platform aims to create a seamless computing environment in which users can access applications and data through PCs, handheld computers, wireless phones, pagers or a combination of them all.

But the capabilities that .Net can offer are not as important as ensuring that the platform is designed to deliver technology that organizations can trust to support their mission -- much the way people rely on the availability of electricity, water and telephone service, Gates wrote.

In the move away from legacy systems to commercial products and software, agencies have bought enterprise licenses for Microsoft's many operating systems, e-mail applications and Web servers.

Several agencies already are using the .Net platform. For example, the Agriculture Department used it in its Lighthouse pilot last year to make data from geographic information system applications available via the Internet.

Many experts in the public and private sectors have criticized the information technology industry for failing to provide secure, reliable products, particularly since 1998, when President Clinton issued Presidential Decision Directive 63 and raised awareness on critical infrastructure protection issues.

PDD 63 requires agencies to protect the information systems that support the nation's critical infrastructure, including transportation and banking. It also directed industry to form information sharing and analysis centers to collaborate on security incidents and to work with government.

Following on President Bush's October 2001 executive order updating PDD 63, Richard Clarke, the president's cyberspace security adviser, last month told a gathering of the software industry's top executives that their companies need to stop thinking of security as an afterthought.

Among other measures, manufacturers must say that "from now on, the default setting on all our products as they come to market will be for high security," he said.

Going forward from that idea, Gates said Microsoft must develop technologies and policies to better help organizations manage and protect the ever-growing networks that support their missions.

"Systems will have to become self-managing and inherently resilient," he wrote.