Information security is too often MIA

 

Connecting state and local government leaders

Both inside and outside the government, Duane P. Andrews has built a career in information security.

Both inside and outside the government, Duane P. Andrews has built a career in information security.As corporate executive vice president of Science Applications International Corp., Andrews manages projects related to national defense, law enforcement and information assurance. He joined SAIC's McLean, Va., office in 1993.From 1989 to 1993, Andrews was assistant secretary of Defense for command, control, communications and intelligence'the Defense Department's CIO. He spent the previous 12 years dealing with cryptology, tactical intelligence and agency budgets as a staff member of the House Permanent Select Committee on Intelligence.Andrews got his start in intelligence analysis and resource management while on active duty with the Air Force from 1967 to 1977.He has received numerous civilian and military awards, including the DOD Medal for Distinguished Public Service, the National Intelligence Distinguished Service Medal and the Bronze Star. Last fall, he was inducted into the Post Newsweek IRM Hall of Fame for his substantial and long-term contributions to government IT.Andrews received a bachelor's degree from the University of Florida and a master's in management and supervision from Central Michigan University.GCN associate editor Patricia Daukantas interviewed Andrews by telephone.ANDREWS: One of the biggest differences between the Pentagon back in my time and today is that we were basically having to look at information management as a discipline for the first time, and we had a lot of challenges. Right at the beginning of my tour, we had the Iraqi invasion of Kuwait.What came out in those early reviews was how inadequate security was. As we build more of the force around information, we depend on the transfer of large amounts of data and finished intelligence. We've become more dependent on those information systems and communications links.One of the things we spotted 10 to 12 years ago was that we needed to deal with information security or we, as a superpower, would be put at a great disadvantage by an enemy that could attack systems effectively.Over the last decade, there's been little progress. Despite warnings from multiple defense science boards, DOD's still figuring out how to deal with the problem. And industry long ago figured out that the way to deal with it is to spend some money to educate people and improve the system security barriers.Too many people'even today'think of it as just something that IT guys worry about, when really it is something that warfighters and commanders need to worry about. If they pick up the phone to give a command to go to war and there's no dial tone, or they send an ops order and it gets garbled or misread or doesn't get to its intended recipients, the war slows down. It doesn't necessarily stop'we're pretty innovative people, and we can find ways to work around security problems'but it does slow down the tempo and put us at some risk.ANDREWS: The biggest difference is a lot more information. At the height of Desert Shield and Desert Storm, we had less than 150 Mbps of data being transported across command and control systems. Nowadays, small incursions are going to take two or three times that amount. So we need bigger pipes and more capacity, and it's got to be secure.ANDREWS: Many of us could design systems that put information on the Web to support citizens' right to access without putting agency systems at risk. You use security tools like firewalls, for example.When we've long since retired, the government is still going to be struggling with a trade-off because the citizens want everything, and everything would in fact put the government at some risk. But the legitimate information that people need should be provided in a way that doesn't compromise the government's data.ANDREWS: Computers have been around for a long time, and people still don't understand them and their security very well. Wireless is brand-new.I think it's a major challenge to get people educated. A lot of these products ship with the security features turned off. They perform better that way. If you don't turn it on, you don't have it, and anybody can cruise down the street and monitor the wireless LANs that are operating.ANDREWS: The services and their bosses in DOD are realizing that properly managing information is a critical warfighting tool.The Air Force office's job is to integrate all the command, control, communications, computers, intelligence, surveillance and reconnaissance systems together.The interesting thing is that while you're having all these commands formed to better integrate C4ISR, people in the Pentagon are looking at wanting to break up C4I. My argument has always been that if you didn't have it, you'd have to invent it. You need to be able to integrate all of this information or you don't have a Department of Defense. If the bad guys can attack and shut down your systems, you cannot operate.So the integration of C4ISR, which is what all those offices are intended to do, is absolutely essential for the modern military. I really applaud them.ANDREWS: They're asking for many of the same things as before, but more of them, and they're asking in a more timely way. They don't want five-year development plans. They want stuff that can be delivered in six months or a year, or 18 months at the outside.Tools and systems to help manage large amounts of data, better ways to bring information sources together so they can look for indicators of terrorists or criminal activity'these are all things they were thinking about or had started doing before Sept. 11. We're seeing these programs being brought to the top of the stack and adequately funded. And we're seeing a sense of urgency.A lot of people are looking at how to more effectively use the abundance of bandwidth and communications and how to share data. We're seeing more use of modern IP networks'converged networks with voice and data and video and other things all combined.You'll continue to see improvement in the performance of information systems. The trend is to faster and more compact data, much faster processing speeds. In all sectors we're seeing large amounts of data being collected and new schemes on how to effectively process it and cull out real information. We're seeing vast increases in capacity and speed in both telecommunications and computing for moving, analyzing and correlating data.ANDREWS: The first thing I learned was that the customer is always right. The second thing I learned is that the customer is always right, but you may need to help him understand the contractor's view.One thing I wish I had had when I was in government was more understanding of the impact of some of the decisions I made. It's easy for government to pass rules or delay milestones and procurements. It's much harder for the contractor sometimes. If the government better understood the plight of the contractor and the impact of the decisions, we would all be better off.I look back and say, 'Why didn't somebody tell me that when I was in government?' I would never have made some of the decisions I made. I'm talking about procurement decisions like flipping programs or delaying reviews, when the impact turned out to be contractor layoffs or work force terminations.We've got to find ways to communicate that so well-meaning people in the government don't do things inadvertently that harm their industry partners.Industry and the government work hand-in-glove. I spend my whole day worrying about supporting the government. It's important that the government also understand that I'm running a business.

Duane P. Andrews bio

Age: 57

Family: Wife, Opal; son, Terrill, and daughter, Peyton

Last concert attended: Elton John's Face to Face Tour

Favorite Web site: www.google.com

Leisure activity: Shopping for treasures at auctions

Hometown: Lake Worth, Fla.

Hero: Vice President Dick Cheney

Duane P. Andrews, SAIC's security insider

Henrik G. DeGyor















GCN: How is IT security changing in the Defense Department?











GCN: What's the biggest difference between the way DOD managed IT during your tenure and the way it is now?



GCN: How can agencies balance their need for information assurance with their need to connect to citizens?





GCN: As more federal employees use wireless devices, how will that affect IT security?





GCN: The Navy has a new Network Warfare Command [GCN, March 29, Page 34], and the Army added two commands to standardize its software and networks. Also, the Air Force has launched an office for warfighting integration. How are they doing?









GCN: Are your government customers asking for different things since Sept. 11?









GCN: What's the most important lesson you've learned as a government contractor?









X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.