News

NASA technology protects mainframes

• By John K. Waters
• October 7, 2002

According to the 2002 CSI/FBI Computer Crime and Security Survey, more than 90% of the study's 503 respondents (mainly Fortune 500 corporations and government agencies) reported detecting a computer system security breach within the last year, with the average annual financial loss reported at about $5 million.

Here's another disturbing statistic: The most critical data storage device in an enterprise -- the mainframe -- is typically overlooked during disaster recovery planning. That's according to mainframe security maven Ronn H. Baily, who made the observation during a recent briefing at the White House. ''Mainframe computers are less secure now than they were just seven to 10 years ago,'' Baily said, ''and mainframe systems, by and large, are very vulnerable to unauthorized access, misuse and attack.''

Baily, who is the founder and CEO of Vanguard Integrity Professionals, estimated that 70% to 80% of the world's mission-critical data resides on mainframe computers. He also cited studies from Gartner Group, which estimate that 90% of those machines are connected to the Internet, and 50% are engaged in some form of e-business today.

''Every year, organizations spend millions of dollars on intrusion-detection products to minimize risk to their distributed networks, which contain approximately 15% of business-critical data,'' Baily said. ''But they overlook the mainframe ... the most critical data storage device.''

Baily's Nevada-based company makes Enforcer, an intrusion-detection and management solution that is designed specifically to watch over the company mainframe. The product's underlying technology was originally developed for and with NASA, shortly after the German Chaos Computer Club hacked the NASA Space Physics Analysis Network in early 1987. NASA did not discover the intrusion until three months later. The agency's Space Shuttle's Primary Avionics Software System flight software code had also been compromised in November of that same year.

Vanguard has been working with and supporting NASA's security program for more than 10 years, Baily said. The first version of Enforcer was delivered to NASA and implemented in 1991. The agency granted exclusive right to commercialize the technology to Vanguard in 1999.

Vanguard Enforcer is designed to provide real-time notification of security breaches to organizations exposed to outside security threats, such as hackers, cyber-terrorists and users inside their networks (which Baily calls the number one threat to information systems).

The latest version of the product is scheduled for release sometime later this month.