OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[ISN] Navy Intranet a Security Threat?

From: William Knowles (wkC4I.ORG)
Date: Fri Apr 21 2000 - 17:11:03 CDT

http://www.wired.com/news/politics/0,1283,35713,00.html

by Craig Bicknell
3:00 a.m. Apr. 21, 2000 PDT

The U.S. Navy's plan to build the world's biggest Intranet could
create a big security threat and a boondoggle to boot, according to
the country's largest federal employees union.

"We're concerned about national security, because the Navy's not able
to answer basic questions about how they will protect national
security on (the new Intranet), and we're concerned that they're
playing a shell game with money," said Brendan Danaher, policy analyst
for the 600,000 member-plus American Federation of Government
Employees (AFGE).

The union's barrage is the latest attack on the Navy's proposal to
build a gargantuan, 360,000-seat Intranet that would unify all of the
Navy and Marine Corp's shore-based operations. The Navy plans to award
the $10 billion contract for the project to one of four corporate
bidders this June -- nine months earlier than originally planned --
reflecting the sea-service's urgency to reap the benefits of modern
info-tech.

Last month, the United States General Accounting Office testified
before Congress that the Navy had rushed the proposal to corporate
bidders without properly analyzing how it would be funded and managed,
and what effect it would have on military and civilian information
technology workers.

Since then, embattled Navy representatives have appeared before
Congress 53 times to defend their plan.

"There's been absolutely no one who questions the need, value, or
concept of this Intranet," Navy deputy CIO Ron Turner said. "They just
don't understand the math we've put into this."

But there's more than a math problem, insists AFGE's Danaher. The
Navy's plan to contract out the installation, service, and oversight
of the Intranet to a single private company poses an unacceptable
national security risk, he said.

"We're concerned that private companies will put their interest before
national security," Danaher said. "What if that company's ownership
changes, or its stock price plummets. Who knows what could happen?"

That argument lacks a certain sophistication, according to Turner.

"It's a comment made without looking at how we currently operate. The
government would like you to believe that we control the networks, but
we ride on commercial fiber that someone else operates," he said.

Moreover, the Navy currently operates 100-plus separate networks, all
with different firewalls and security, all of which have to
interconnect. That means 100 points of vulnerability, according to
Turner. With a unified Intranet, the Navy can deploy one security
system and screw it down tight. Security will be improved, not
degraded, he insists. There's no budget problem either, Turner said.
Funds for the Intranet will come from money already allocated for IT
projects, not from the operational coffers that pay for ships to sail
and planes to fly, as critics in Congress have charged.

Turner attributes the AFGE's attack largely to a self-serving desire
to protect union IT jobs that might be threatened by the new Intranet.
Some 1,000 civilian IT employees could be displaced by the Intranet,
he said, but the Navy will take pains to place them in new positions.

Danaher counters that it's not the threat of job losses that concerns
the AFGE so much as the Navy's inability to say exactly what jobs
might be lost where, and what that says about the broader project. "We
don't know, the Navy doesn't know, nobody knows, and that's a symptom
of a larger problem," Danaher said.

"Our members are people that work for the military and the federal
government, and they're concerned about national security and
efficiency," he said. "When you look at the history, you see that the
Navy is anything but trustworthy when it comes to contract oversight.
We're not saying this is a horrible idea, but the way they're going
about this is pretty dangerous."

The government's accounting office and a number of congressmen share
those concerns.

"Look, we're not trying to pull the wool over people's eyes," said a
weary Turner, who expects to appear before Congress several times in
the coming weeks to further detail the Navy's proposal.

Meanwhile, barring any direct orders to the contrary, the project will
continue full-speed ahead.

"Nobody's told us to stop or slow down," Turner said.

*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".