Opinion: Military security legacy is one of innovation, integrity

In response to a recent column criticizing corporate use of military security guidelines, infosec pro Norman Beznoska Jr. says corporate America has borrowed much of its technology from the armed forces, and could still stand to learn a thing or two.

As a veteran of the U.S. Navy, I have become accustomed to seeing our military denounced by Al Jazeera and The New York Times, but not in the pages of our information security journals and periodicals. That is, until now.

Jay Heiser, a columnist for Information Security magazine and vice president with research firm Gartner, in a recent column saw fit to blame all the ills and failed security projects of corporate America on our military, even going so far as to make the ridiculous statement that "if we had developed a business approach that ensured transactions were genuine instead of a military approach that protected the secrecy of credit card numbers, ID theft wouldn't be an issue today."

With all due respect to Heiser, I don't ever recall the military "forcing" corporate America to adopt its security tools, practices and standards over my IT career, which spans some 40 years. Had it not been for the military, Rear Admiral Grace M. Hopper of the U.S. Navy and the CODASYL project, which finally adopted COBOL as an industry standard in 1960, we would still be wiring electromagnetic unit record boards and making punch card Christmas wreaths.

Let me take a moment and examine a few of the issues that really have made our corporations and information assets targets of opportunity and placed our personal data at risk:

Since the early 1990s, I have been involved in all facets of IT security consulting and business development. I've heard a litany of excuses from corporate executives paying "lip service" to best security practices, tools and controls. For example, I've heard an executive say, "Of course we know security is important, but we have to roll out this application, which has a higher priority than conducting an enterprise-wide security review and vulnerability assessment." Is any project more important than ensuring the integrity of corporate and customer information assets?

Or my favorite line, from a billion-dollar bank: "I'm sorry, but we can't afford to spend $25,000 for an IT security audit and vulnerability assessment." Oddly enough, that very same bank regularly outsources program code and financial records to foreign countries with nary a thought given as to who has access to those programs and code.

While many American companies impose stringent security and background checks on their employees, they rarely bother to do the same for foreign nationals, or even third-shift cleaning crews. In his book "Corporate Espionage," no less an authority than Ira Winkler pointed out how easy it is for felons to be hired to work on cleaning crews and fill those large gray trash barrels with a treasure trove of stolen laptop PCs and credit card reports.

According to the Electronic Crimes Task Force of the U.S. Secret Service, the greatest threat posed to corporate America today is from insiders and social engineers, not the military, Mr. Heiser. I could go on and on, but by now you get the picture.

In his book A Deficit of Decency, former U.S. Senator Zell Miller wrote a chapter entitled "Wimps and Warriors." In it, Miller said that at a time when the Warriors wanted to focus all our energy on the future, instead of the past, the Wimps preferred to point fingers, assign blame and wring their hands. Sound familiar?

Let us remember then that the branches of our military should still serve as an example of what corporations should do right when securing their information. In fact, it's critical that organizations not only learn from the military, but also work with them and other government entities including local law enforcement, the Secret Service or Department of Homeland Security.

Failure to do so will no doubt result in an alarming increase in security breaches and identity thefts, and may even lead to a digital Pearl Harbor of September 11 proportions, from which we, as a nation, may never recover.

Norman Beznoska Jr. is director of enterprise security at Infiniti Systems Group in Brecksville, Ohio.
