Government Technology

Security Expert: Fight Cyber-Crime Through Procurement



Jan 30, 2009, By Steve Towns, Editor

Photo: Alan Paller, director of research, SANS Institute

Government's best weapon against dangerous cyber-attacks may be the public purchasing system, according to security specialist Alan Paller, director of research for the SANS Institute.

Paller urged state and local officials to write new requirements into procurement contracts that make vendors responsible for vulnerable software. "As of today, no procurement should come without security language in it," Paller said Thursday at Government Technology Conferences' GTC Southwest in Austin, Texas.

Shoring up vulnerable software is crucial for public agencies as cyber-threats grow in sophistication. Organized crime, terrorist groups and hostile nations now account for most major attacks, and they're making huge amounts of money from identity theft and extortion, said Paller. The FBI estimates that organized crime now reaps more profit from cyber-crime than from the drug trade, he said. What's more, those profits are plowed back into research and development that produces ever more sophisticated methods of attack.

Public- and private-sector organizations are struggling to keep pace with the growing number and severity of cyber-crime attacks. Instead of patching software systems after they're purchased, governments should demand stronger products before they buy, Paller said. "We can't continue to blame users for security vulnerabilities. You need to make vendors responsible for the security of their products."

Paller pointed to a new list of the 25 most dangerous programming errors that was jointly developed by more than 30 national and international security organizations. The list -- released in January -- identifies programming problems that produce security flaws and enable cyber-espionage and cyber-crime.

Video: Watch Staff Writer Hilton Collins show us how vulnerability is written into code.

These errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and software companies frequently don't test for them when developing products, according to the SANS Institute.

Paller urged governments to force vendors to verify that software products are free of errors identified by the Top 25 list before purchase. Inserting that requirement into government purchasing contracts would dramatically improve protection against cyber-attack, he said.

"You guys can do it," Paller said. "State governments can act together. You have massive power to change security. If you do that, you can change the world."

