Sunday, October 13, 2002

SECURE APP/COMMODITY PIPES: I was at a conference a couple of weeks ago where Carol Haave, Deputy Assistant Secretary of Defense (Security & Information Operations, C3I) was delivering a talk about "Secure Collaboration on the Battlefield".  She told a fabulous story about how she commissioned a team to come up with policy for wireless communications.  It was clear to Carol and others that wireless offered the solution for the challenges they faced specific to giving the warfighter, and other battlefield sensors, access to each other and critical information necessary to achieve edge-based decision superiority.   Some time later, the task force came back with their policy recommendation: ban ALL wireless solutions from all of DoD.  Blackberries?  Gone.  Cell phones, PDA's, Wifi, Bluetooth?  Gone.  The task force had concluded, perhaps appropriately so, that wireless technologies were difficult to secure and presented operational risk.  Certainly not the outcome Ms. Haave was expecting, and certainly not one we can live with.  But it does represent a view I'm seeing in the industries that service government: Concrete and rebar around the data communications infrastructure, even if it means creating impenetrable, hardened silos. Interestingly enough, this view is not one that is shared by many government constituencies.  Ms. Haave presented another view that resonates with something Ray Ozzie wrote about more than 18 months ago in his article "A Modest Proposal" that appeared on ZDNet.  It's one where we ascribe to the notion of leaving the pipes (in this case "air") largely unencrypted, and secure the app and the messages/packets it puts onto said pipes.  Military-grade crypto at the app layer, riding on top of commodity, whatever-comms-are-available-to-me networks.  Sounds like Groove. 9:54:46 AM