Protecting information and the data networks upon which it travels will take
a combination of private and public efforts, a top Bush administration
official said. Some of those in the private sector, though, say working for
the government doesn’t make much business sense.
Paul Kurtz, the senior director for national security under President Bush’s
Critical Infrastructure Protection Board — part of the National Security Council — spoke on
Thursday at a homeland security investment symposium in Washington, D.C.
During his keynote speech, he said information technology (IT) now connects
“practically everything” in the country, and that systems are now so
interdependent that an attack on one infrastructure can have a cascading
effect on others.
Kurtz said that government does not have the answer, and that no one
government agency can solve the problem. What’s more, “there will be no one
silver bullet to solve the problem.”
The answers, according to Kurtz, “are in the private sector” —
specifically, a combination of technology, people and policies.
What needs to be done, according to Kurtz, is ask if everything possible is
being done to identify critical information systems on both the government
and private sides of the coin. Then, the vulnerabilities in those systems —
especially in the Internet — need to be understood to be fixed.
Government May Not Be Good for Business
Dealing with the government, though, may not help a business, according to
several experts on the private industry side of the equation. Mark Lister,
the managing director of Rosettex
Technology and Ventures Group, said that IT opportunities in homeland
security are “woefully small,” mainly because the amount of money going to
homeland security gets divvied up among a lot of federal agencies. He’s also
fearful that private industry will not make many inroads into the federal
government unless companies can pool their technologies to put together what
he called “real solutions.”
Venture capitalist Jonathan Silver, the founder and managing director of Core Capital Partners, said that
investing in companies that also deal with the federal government can be
difficult, because “traditional venture capitalists and firms don’t have
policy goals — they want to make a profit.” Some government projects don’t
make good business, because a particular niche may be very small or Uncle
Sam may be the only market for a particular product, he also said.
If a company needs capital and wants to sell to the government at the same
time, Silver said it can go to someone like In-Q-Tel, a private “venture catalyst”
created by the Central Intelligence Agency
(CIA) that invests in firms developing information technologies that can
be used for U.S. national security interests.
During Thursday’s conference, In-Q-Tel Chief Operating Officer (COO) Ronn
Richard went as far to say that he’s not concerned about
return-on-investment (ROI) — although he admitted that “it would be good to
give back some of our money to Congress.” While his organization does a lot
of what most VCs do, the hardest part of the job is determining if the
technology will transfer into the CIA’s architecture. Companies have to go
through several review boards to determine if their technology is compatible
with the spy agency’s systems.
Of the 2,000 proposals In-Q-Tel has received, the group has made 20
investments to date, he added.
Infrastructure: Target or Weapon?
Another speaker, meantime, took Kurtz to task for saying that the nation’s
tech infrastructure will be a future target for terrorists. French Caldwell,
vice president and research director for knowledge management at Gartner, said that the U.S.’s
infrastructure will not be a target — it’ll be a weapon. “Look at how the
mail was used for the anthrax attacks,” he said.
Until now, concerns about transaction security or privacy have driven
innovation in the IT market, Caldwell said. Now, fear of terrorism and
political/ideological-based attacks will add to the need for electronic
security. While the market will respond to new threats, “no one yet knows
exactly what they’re responding to,” he also said.
Protecting Against Terrorism
When it comes to protecting against terrorism, meantime, Caldwell said that
companies may have to choose to guard only certain systems, because walling
all of them off would be difficult. He also said that companies should share
information with one another about cyberattacks, so all can learn and
protect themselves — an idea echoed by other speakers at the symposium.
Individuals, meantime, should install personal firewalls and take other
security precautions so that their computers are not unwittingly used
without their knowledge in attacks, better known as a “zombie.”
As for government, Caldwell agreed with Kurtz in saying Washington should
lead by example and involve industry in solving IT security problems. But
the feds “should not stifle the private sector,” and should lead a
“Manhattan Project” on knowledge management for homeland security, he added.
Two companies wanting to help protect both individuals and companies from
security risks demonstrated their wares at the conference.
Aurora Biometrics Inc. of
Rockville, Md., uses facial-recognition technology for its hardware and
software systems. Its products include a system that eliminates unauthorized
access/use of proximity/swipe cards for use at facility entrances and
authorized areas, and a hardware/software solution that protects a PC from
Swivel Secure America Inc.,
meantime, was showcasing its new electronic user authentication system. With
the protocol, a customer can use one-time, temporary authorization codes
that are activated by a predetermined PIN, and entered via an interface that
doesn’t use a keyboard or display the numbers on a screen.