Firewalls and encryption devices thwart hackers and spies.

About the same time that the Senate was passing the Information Infrastructure Protection Act a few months ago, Swedish hackers were infiltrating the CIA's Web site. They changed the home page title to the Central Stupidity Agency, replaced Director John Deutch's photo with that of an unknown person and redirected hypertext links to Playboy magazine.

A short time earlier, the General Accounting Office had reported that the Pentagon's computer systems were attacked no fewer than 250,000 times in the last year. Replacing and repairing modified and stolen data after the break-ins reportedly cost the Defense Department millions. GAO concluded that Defense agencies, like their civilian counterparts, had become too dependent on the Internet for e-mail and other applications.

These incidents, and dozens more throughout the government, show what a poor job federal organizations have done to safeguard Web sites and internal intranets from hackers, spies and on-line terrorists. Some agencies simply overlooked security precautions in their rush to cyberspace. Others intentionally ignored warnings because they thought security controls were too expensive, time-consuming and annoying. The subject is so sensitive that many government Webmasters refuse to discuss it for fear they will expose their agencies' vulnerabilities.

But plenty of other entities are speaking out about security threats posed by the Internet and intranets. The White House, for instance, recently backed a Justice Department proposal to create a rapid-response team to combat computer attacks. The General Services Administration, meanwhile, has established the Federal Webmasters Information Management Working Group to help agencies comply with the 1987 Computer Security Act and other federal security policies.

The National Security Agency has published a set of requirements (available at for firewalls and other Internet security devices. And the National Computer Security Association is offering a certification program for doing security audits on Web sites.

Experts agree that before agencies implement any defense mechanisms, they first must have comprehensive security policies in place. These policies must clearly outline what is to be protected and how. In addition, agencies must have the expertise to monitor security systems to determine whether they are working adequately. The Office of Management and Budget has mandated that agencies provide security training to all new employees before allowing them access to on-line systems.

One of the biggest problems with Internet and intranet security devices is that they are usually proprietary, meaning they can operate only with products using the same protocols. Another problem is that generally no one product is enough, so experts recommend using a variety of security devices to thwart attacks.

The most popular Internet/intranet security control is a firewall that can be placed between Internet connections and internal local-area networks and wide-area networks. Firewalls keep out intruders by closely monitoring traffic between internal and external networks. The names, applications, TCP (Transmission Control Protocol) sequence numbers, Internet Protocol addresses and destinations of those wishing to pass through firewalls are checked against access lists. Unauthorized users are denied access to internal networks.
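The access-list check described above can be sketched in a few lines. This is an added example, not code from any product named in this article; the rule fields, the `decide` function and the sample addresses (reserved documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # source network, CIDR notation
    dst: str              # destination network, CIDR notation
    port: Optional[int]   # destination TCP port (the application); None = any

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    port: int

# Constructed sample policy using documentation address ranges.
ACCESS_LIST = [
    Rule("deny",   "203.0.113.0/24",  "0.0.0.0/0",     None),  # blocked outside network
    Rule("permit", "0.0.0.0/0",       "192.0.2.10/32", 80),    # public web server
    Rule("permit", "198.51.100.0/24", "192.0.2.25/32", 25),    # partner mail relay
]

def decide(packet, rules=ACCESS_LIST):
    """Return (action, index of the matching rule or None).

    The first matching rule wins; traffic that matches no rule is denied.
    """
    try:
        src = ipaddress.ip_address(packet.src)
        dst = ipaddress.ip_address(packet.dst)
    except ValueError:
        return ("deny", None)  # malformed address: fail closed
    for i, rule in enumerate(rules):
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and rule.port in (None, packet.port)):
            return (rule.action, i)
    return ("deny", None)  # implicit default deny

if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "192.0.2.10", 80),
                Packet("203.0.113.5", "192.0.2.10", 80),
                Packet("198.51.100.7", "192.0.2.25", 23)):
        print(pkt, "->", decide(pkt))
```

Rule order is part of the policy: if the deny entry were moved below the web-server permit, traffic from the blocked network would be admitted on port 80.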

Firewalls contain mechanisms for confirming that information originates from where it says it does, and that it has not been altered en route. They also generally ensure that accepted data can be accessed only by addressees.

Firewalls can comprise hardware, software or a combination of the two. Some are located on separate server gateways, which are computer connections between networks. Proxy servers can be installed between specific applications and programmed to hide critical information from outsiders.

Other firewalls are contained on secured routers, which can be hardware/software combinations that filter data packets to identify source addresses of users trying to enter networks. Switches also can serve as intranet firewalls by dividing traffic into separate networks and localizing it.

Some of the largest suppliers of firewalls in the federal market are CheckPoint Software, Cisco Systems, CyberGuard Corp., Digital Equipment Corp., Harris Computer Systems, Norman Data Defense Systems, Raptor Systems, Trusted Information Systems and V-ONE. Prices range from $5,000 to more than $100,000, depending on the number of nodes on the network.

Many agencies conducting electronic commerce transactions over the Internet rely on encryption devices, which scramble data in order to protect the confidentiality of information. The products use complex algorithms to translate digital files into unreadable code that only can be deciphered with appropriate decoding devices.

Some encryption devices are software-based while others, such as Cylink's InfoGuard asynchronous transfer mode cell encryptor, rely on hardware. Fortezza cards from National Semiconductor Corp. and Spyrus Inc. are used to encrypt e-mail on the Pentagon's Defense Message System.

Two types of technology exist for encoding transmissions: public-key and private-key encryption systems. With private-key encryption, both parties share one key, or mathematical value, for encryption and decryption. IBM's Data Encryption Standard, which was endorsed as a Federal Information Processing Standard in 1977, is the most popular algorithm for private-key encryption. With public-key encryption, such as that sold by Mykotronx and RSA Data Security, each user holds a public key and a secret key. Digital signatures, which serve as electronic watermarks, can be used to authenticate senders and to verify that data has not been altered in transit.
