Tech Insider: Securing the cyber front

Last year's spate of hacker attacks, viruses and worms shed light on the nation's poor state of information security--and the government's inability to shore it up. After Sept. 11, the state of the country's cyber security seemed even more vulnerable to an even wider range of threats, and the White House stepped forward with what seemed like a bright idea to secure the cyber front.

To safeguard the government's vital interests and keep it running in a time of crisis, Richard Clarke, President Bush's cybersecurity czar, told the technology industry to build Uncle Sam an exclusive, super-secure, government-only network that would be 100 percent impenetrable and safe from online attacks. It's called Govnet, and despite Clarke's best effort to articulate the administration's vision, few people really know what it is.

With a reported cost as high as $45 billion, Govnet is a coveted contract, but technology executives are frustrated by what they see as the government's inability to define what exactly Govnet would be. Even though the General Services Administration has issued a request for information (RFI) on a system that is open-ended enough to allow for private sector creativity, most private sector executives seem to be in the dark about what the government wants.

The consensus among industry officials appears to be that the government hasn't really made a request for anything, but rather that it's gone on an intellectual fishing trip, throwing the prospect of a huge Govnet contract into the technology shark tank and watching the players go to work on it.

"Govnet's created a bit of a discussion, and that's good," said Paul Kurtz, Clarke's deputy and the White House's senior director for National Security, who declined to comment on what that discussion has yielded so far.

Two philosophical camps have developed in the private sector about how Govnet should operate. The first holds that a telecommunications carrier is best-suited to run the exclusive network over its existing fiber optic lines or to build a new network. Telecom giants Sprint, AT&T, WorldCom and others already provide the government with long-distance, local and data service throughout the country and run secure, private networks for the Defense Department.

The second option would be to hire a massive technology contractor, a systems integrator, to piece Govnet together from existing network structures. Relying on multiple networks and redundant systems instead of one carrier's infrastructure would give the government greater security in the event that terrorists attacked Govnet, integration firm executives argue.

Of course, both camps think they have the right idea. And judging by the initial response to the government's request for information, it would seem that interest in the market was unusually high. An administration official said the government had received nearly 170 responses, an enormous reaction to an RFI.

But that first curiosity in Govnet has simmered as frustrated industry executives wait for the White House to make the next move. "It is alive enough so that nobody has taken it off their radar screen," said James Kane, president of Federal Sources Inc., a federal technology market analysis firm in McLean, Va. At this point, discussions within the Office of Management and Budget will determine the next step the government takes, according to an administration official.

Kane said that Govnet has technology companies torn. On the one hand, there is wide skepticism about whether the government has really thought through the idea. That uncertainty might drive companies away. But, the potential value of a Govnet contract could be so huge that no one can really afford to ignore it, he said.

Industry and government are also divided on whether Govnet is feasible. On paper, the government has said it wants a hacker-proof, impenetrable network. But administration officials have said publicly that such a thing can't be built.

In an address to a meeting of Washington area technology venture capitalists in March, Kurtz advised his audience that no company can deliver a totally impenetrable network. "I don't know that people understand that the information systems they use can break down, that they can be targeted," he added.

But when asked later if the White House had given up on making Govnet into such an extensive information fortress, Kurtz said it hadn't.

Ensuring security by building a government-only network would cost a great deal, telecom and integration executives agree. New fiber optic cable would likely have to be built, an unappealing proposition since so many telecom firms have plummeted into a financial abyss in the past decade after laying out billions of dollars to manufacture cable that has gone largely unused.

Then there's the question of how useful Govnet would be. Government agencies don't just talk amongst themselves. They have to interact with outside parties on a daily basis. Government executives have asked whether, for example, public health organizations or businesses could communicate with agencies over the government's private lines.

Considering that the president's homeland security strategy calls for increased public-private partnerships to prevent more terrorism, many in industry as well as government don't see the point in creating such a super-safe system. "You can make the most secure network, but it's not going to be very useful," said Paul Brubaker, president of e-commerce firm Aquilent and the former Defense Department deputy chief information officer.

Kurtz said the government "is not predisposed to the physically separate network." But no decision has been reached on much of anything about Govnet, so even official comments like those don't buoy the hopes of industry officials all that much. The end result of the Govnet hubbub may be to show that the government has no better idea today about what kind of cybersecurity it needs than it did before Sept. 11.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec