http://gcn.com/vol1_no1/daily-updates/31383-1.html
By Dawn S. Onley
GCN Staff
12/15/04
The National Security Agency is filling a new role in the Defense
Department: leading the information assurance path DOD takes to
becoming a network-centric workplace.
The new assignment is based on security work the agency did for DOD a
few months ago building a security component for the Global
Information Grid, said Priscilla E. Guthrie, deputy Defense CIO.
"We asked NSA to build an IA architecture. NSA did a
knock-your-socks-off job of doing this," Guthrie said today at a lunch
the American Council for Technology and Industry Advisory Council
sponsored in Arlington, Va.
The IA component calls for integrating security into the GIG by, among
other things, authenticating credentials and security clearances. The
plan also calls for the use of some form of user token for the
security architecture.
Recently, DOD asked the agency to take the lead for information
assurance initiatives across the department, Guthrie said, although
that doesn't mean NSA will build everything or own all of the IA
dollars.
NSA will put together a GIG Information Assurance Portfolio so DOD can
have a go-to agency if portions of the grid lack adequate security,
Guthrie said.
"NSA will deliver a vision for what it's going to take to secure the
environment," she said. "Some have asked me, "Why NSA? They don't have
the skill set." I don't know a better construct for the department.
This is a blueprint for us to effect this broad IA environment."
Guthrie also said the Pentagon is getting out of the business of
application integration and moving more toward data-level integration.
"If you only do integration of applications, I hope we put you out of
business," Guthrie told the executives gathered at the lunch. "You
must separate data from apps. If they are not separable, we don't want
you in the department."
_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable -
http://www.osvdb.org/
