NASA technology protects mainframes
- By John K. Waters
According to the 2002 CSI/FBI Computer Crime and Security Survey, more than
90% of the study's 503 respondents (mainly Fortune 500 corporations and
government agencies) reported detecting a computer system security breach within
the last year, with the average annual financial loss reported at about $5
Here's another disturbing statistic: The most critical data storage device in
an enterprise -- the mainframe -- is typically overlooked during disaster
recovery planning. That's according to mainframe security maven Ronn H. Baily,
who made the observation during a recent briefing at the White House. ''Mainframe
computers are less secure now than they were just seven to 10 years ago,'' Baily
said, ''and mainframe systems, by and large, are very vulnerable to unauthorized
access, misuse and attack.''
Baily, who is the founder and CEO of Vanguard Integrity Professionals,
estimated that 70% to 80% of the world's mission-critical data resides on
mainframe computers. He also cited studies from Gartner Group, which estimate
that 90% of those machines are connected to the Internet, and 50% are engaged in
some form of e-business today.
''Every year, organizations spend millions of dollars on intrusion-detection
products to minimize risk to their distributed networks, which contain
approximately 15% of business-critical data,'' Baily said. ''But they overlook the
mainframe ... the most critical data storage device.''
Baily's Nevada-based company makes Enforcer, an intrusion-detection and
management solution that is designed specifically to watch over the company
mainframe. The product's underlying technology was originally developed for and
with NASA, shortly after the German Chaos Computer Club hacked the NASA Space
Physics Analysis Network in early 1987. NASA did not discover the intrusion
until three months later. The agency's Space Shuttle's Primary Avionics Software
System flight software code had also been compromised in November of that same
Vanguard has been working with and supporting NASA's security program for
more than 10 years, Baily said. The first version of Enforcer was delivered to
NASA and implemented in 1991. The agency granted exclusive right to
commercialize the technology to Vanguard in 1999.
Vanguard Enforcer is designed to provide real-time notification of security
breaches to organizations exposed to outside security threats, such as hackers,
cyber-terrorists and users inside their networks (which Baily calls the number
one threat to information systems).
The latest version of the product is scheduled for release sometime later
John K. Waters is a freelance writer based in Silicon Valley. He can be reached