NCSA Security Coordinator Ken Rowe has been known to say that the only way to ensure a 100% secure computer network is to keep it unplugged in a locked room. The impact of Rowe's recent remark on a buisness community that is increasingly submerged in electronic commerce was strong. A concern generated by those attempting to retain the right to privacy inm an insecure environment was one of the driving forces behind NCSA's Second Industrial Partner User Meeting.
Mirroring the success of last year's Industrial Partner User Meeting [see access, Spring 1994, page 25], this year's meeting received positive feedback. Combined with a focus on security, the November 1995 Industrial Partner User Meeting at the Beckman Institute was attended by almost 40 participants. Among the impressive panel put together by Rowe was Assistant U.S. Attorney General Colleen Coughlin, who addressed participants on computer crime and industrial espionage trends. Citing a 498% growth in computer intrusion since 1991, Coughlin went on to discuss some of the problems with existing laws governing industrial espionage and the possible threats to those conducting business via the Internet.
"The Internet expands everyone's vulnerability enormously. . . . If you are linked to the outer world, you are vulnerable to hackers," said Coughlin.
Aspects of civil liability and network law were discussed by William J. Cook of the Chicago law firm Willian, Brinks, Hofer, Gilson & Lione. Cook broached numerous legal cases reflecting the necessity to be alert to source data, network capabilities, and contract stipulations.
Moira West-Brown, manager of the Incident Handling Computer Emergency Response Team (CERT), discussed CERT's role in security and security infringement incident response. West-Brown also addressed the growing sophistication of computer crime exemplified by incidents over the last decade.
Deborah Cooper, chairperson of IEEE's Security and Privacy Technology Committee, discussed future directions for security technology. "You're never going to get a secure Internet or totally transparent security," said Cooper, who owns and founded a computer security business, Deborah M. Cooper Co.
In the afternoon participants separated into two tracks. Those in the User Meeting Track focused on questions and topics of interest to remote users of NCSA's facilities.
"The NCSA industrial user group meeting is for the people who are the day-to-day users of the center. The more they understand about NCSA's environment and people, the more comfortable they will feel," said Joe Blackmon, former NCSA industrial program manager.
Topics discussed in the User Meeting Track included a hardware/software update by Melanie Loots, associate director of NCSA's Applications Group; HKS ABAQUS by Paul Sorenson, vice president and partner of Hibbitt, Karlsson & Sorenson Inc.; AskMe Web-based user help system by John Towns, manager of NCSA's Consulting Services; and industrial queues by Mike Pflugmacher, member of NCSA's Advanced Computing Group.
Others attended the NCSA Security Track that provided an extension of the security material discussed in the morning sessions with a focus on NCSA's security efforts.
"The intent of the morning session was to raise concerns, to make sure the users and their security people understand the significance of the problems out there. It is a real issue that needs to be dealt with. The intent of the afternoon session was to make them feel less uncomfortable. When I say 'less uncomfortable,' I mean that I donŐt want anyone to feel comfortable. When you feel comfortable about security, you get in trouble," said Rowe.
The NCSA Security Track session included an overview of the NCSA security program by Rowe; a discussion of the role of NCSA's Incident Response and Security Team by Jeff Rosendale, head of NCSA's Technology Management Group; an explanation of the NCSA security policy by Mike Carrillo, legal intern, NCSA Director's Office; a description of network security architecture by Randy Butler, technical program manager of NCSA's Networking and Security Group; and an explanation of the security features of the Andrew File System (AFS) by Jim Barlow, member of NCSA's Advanced Computing Group.
Combining the partner user meeting with a security meeting attracted a wide variety of participants, including users, scientists, executives, and security personnel. Attendees represented corporations including American Airlines, Caterpillar, Dow Chemical, Eastman Kodak Co., Eli Lilly & Co., FMC, J.P. Morgan, Motorola Inc., Phillips Petroleum Co., Schlumberger, Sears, Roebuck & Co., United Technologies, and the Tribune Co.
The conference highlighted the need to achieve an equilibrium between usability and security. "It's important to find the right balance between high-level security and the ease of use. Nothing is 100% secure. It's more a question of the level of security," said Blackmon.
Return to the Table of Contents.