Many of the U.S. Air Force’s mission-critical logistics applications, such as its cargo scheduling software, were developed to be used in a closed network environment. But now that the U.S. military is shifting toward greater use of the Internet, there’s heightened concern about making sure Web-based applications don’t get shot down by hackers exploiting software flaws.
“The Department of Defense and the Air Force are moving to a more ‘Net-centric approach,” says Greg Garcia, member of the Senior Executive Service of the U.S. Air Force and Director of the 754th Electronic Systems Group (ESG) based at Maxwell Air Force Base at Gunter Annex, Ala. “Many of our applications in the past were built to be on closed networks. But now we’re being more Web-focused and using commercial-off-the-shelf software to a greater degree.”

This transition is raising concern in military circles that there will be break-in attempts using SQL injection attacks, cross-site scripting or other assault methods to try to throw Web-based logistics systems into disarray.
To defend against that, one step the Air Force is taking is to establish the USAF Application Software Assurance Center of Excellence to define “application security best practices,” Garcia says.
The USAF Application Software Assurance Center, managed by the 754th ESG, will focus on source-code analysis, penetration testing, application shielding and database monitoring procedures.
The 754th ESG also intends to work closely with the 554th ESG, which is responsible for testing IT systems used in combat support. Others responsible for military technology, including the National Security Agency and the Defense Information Systems Agency, are also partners in the project.
Security vendors are being drafted for the project. Cigital, Fortify, Watchfire (acquired by IBM), and Application Security have been tapped under a contract awarded to Telos to help set up the Application Software Assurance Center of Excellence at Maxwell AFB. The two-year award, placed under the larger NETCENTS contract, is valued at a minimum of $10.2 million and a maximum of up to $75 million to provide application-level security products and services.
Garcia says he anticipates a phased plan that will begin with procedures such as analyzing source code for vulnerabilities or wrapping Fortify’s Defender shield around software to protect application code.