Right about now, the National Security Agency is feeling pretty good about its decision to use open source as the medium through which the agency is evangelizing improved security technology. NSA's SELinux technology is gaining traction and the agency, like many other areas of the government, is realizing that it needs to team with industry to meet tomorrow's technology challenges.
Although NSA is essentially a product of the Cold War, the agency's role today is to stimulate new security technologies that can be used throughout government and private industry. "We're working with the private sector to give the country the security it needs," Dickie George, technical director of NSA's Information Assurance Directorate, said Thursday at an SELinux symposium held in Silver Spring, Md.
The United States' ability to protect information has always been NSA's mission, from the day the agency opened its doors in 1952. Back then, NSA focused mainly on providing cryptographic technology that the government and military used to keep secrets.
NSA's role in developing SELinux reflects an evolved approach to information security. But what does it say about the agency that it's looking to the open-source community for answers to today's complex security challenges? (This comes after the agency first developed mandatory access control technology through a number of closed prototype operating systems, including Distributed Trusted Mach, Distributed Trusted Operating System, and Flux Advanced Security Kernel, or Flask.)
The agency also acknowledges that technology can only do so much to protect a system from its own users. "How do you secure a system against someone you've trusted?" George asked during Thursday's opening session. One way is to implement security that limits any damage that can be caused by malicious users, a characteristic found in SELinux.
George made it clear that the agency can't accomplish its mission without making use of commercial off-the-shelf software (COTS, in public-sector parlance). "We can't rely (solely) on cleared U.S. citizens hired by the government to do all of the technology development work," he said. That is why the agency, much like the Federal Bureau of Investigation and other areas of the government, is seeing the value of COTS.
"We cannot compete with the private-sector, in terms of technology development, which is why we do something like SELinux," George said. "It provides guidance for the technology that's used by the country's industry." In fact, NSA launched its SELinux project as a way to demonstrate to technology users what could be done in the area of security.
With future versions of SELinux expected to offer higher levels of security, even support for multi-level security, there's a lot of critical infrastructure out there counting on NSA's success - bringing sophisticated security to the market without the heavy price tag.