Former ODNI CIO: Cyber discussions must happen

Friday - 5/21/2010, 3:00pm EDT

Dale Meyerrose, Harris Corp. and former CIO at ODNI

Click to hear the interview

Download mp3

As you may -- or may not -- have heard, Harris Corporation is building the country's first cyber integration center and is developing what it hopes will be a secure business model for cloud computing.

Dale Meyerrose is vice president and general manager, Harris Cyber Integrated Solutions, and former chief information officer at the Office of National Intelligence.

He says Harris is hoping that this new integration center will change the way agencies look at cloud computing.

"We think that what's changing is 'things as a service': infrastructure-as-a-service, security-as-a-service, identity management-as-a-service, application development-as-a-service -- all of those kinds of things for hosting that organizations, both commercial and government, will need in order to provide great agility and great efficiency that would take them too long to do in house."

Basically, the concept consists of marrying a database with an application stack. The partnership would have levels of security and access controls depending on the customer's need.

"We think it has great potential. . . . In our business, we've been talking about cloud and hosted services for some time. There's not a trust out there, either in the private or public sector, that says -- how can I trust this and what are my levels of security? So, we're creating a business model around a trusted platform with a trusted supply chain integrity not only of the physical part of the Cyber Integration Center, but also the data part."

Harris recently acquired SignaCert, Inc. and Meyerrose says this is an integral part of their security plan.

"SignaCert's major patents have to do with a technique we call 'white listing', which says what is permissible, and we have the largest global signature cyber database in the world. We collect signatures against which to compare data to the tune of about 5 million a day. So, this is how we're going to ensure the supply chain integrity of the data. It doesn't do you any good just to focus on the hardware and software because, as we're learning, the advanced persistent threat attacks in other kinds of ways."

The Harris Cyber Integration Center should be fully operational by the end of 2010.

On a broader note, Meyerrose spoke with DorobekInsider about the overall topic of cybersecurity.

In Monday's Must Reads, we told you about that Danger Room blog post in Wired regarding companies like Harris and Booz Allen Hamilton who are heavily invested in the cybersecurity war.

Are these companies blowing the threat of cyber attacks out of proportion?

Meyerrose says the answer to the question has a lot to do with ethics.

"The element of cyber crime is not an artificial need. It's so invisible to most of us that it's really hard to see. Unless you're a personal victim, and lose your identity or something like that, it's pretty hard for the normal person to see the urgency about it. When dollar total of cyber crime is higher than that of other kinds of crime, then it's a real problem, but there's not something to fear behind every tree. There potentially is. It's a matter of what kind of safety we want in that arena."

The balance between personal rights, capabilities, productivity and safety must be maintained, he adds.

"In every industry, whether you're talking about the automobile industry and transportation, whether you're talking about the banking industry or any kind of industry, it's good for these ethical discussions to [happen]. I think that the cyber element only gets hyped when there's an incident. People rally around the incident and want to demonize somebody and they can't do it and nothing sticks."

The biggest problem with discussions concerning cybersecurity has to do with the lack of real-world examples. When government agencies are attacks, it's often a matter of national security and the incidents are classified. Many private companies conceal attacks, as well, because they don't want to make their shareholders nervous.

"That's why this discussion of Google and several companies in China is very remarkable. It stands out as an exception of a series of companies making public things that have not been in practice before."

Read more about cloud computing in the federal space at the Fed Cloud Blog.

Check out all of Federal News Radio's coverage of cybersecurity issues here.