I've been reading Brown's first effort, Digital Fortress, which has just been released in paperback in the wake of his forest-fellingly successful The Da Vinci Code. Digital Fortress is about a mild-mannered language teacher who gets dragged into some European espionage work by his brilliant, beautiful NSA cryptographer girlfriend, in search of a pass key for an unbreakable algorithm. (For a more detailed plot summary, try www.danbrown.com. You'll also find out the spooky fact that Brown used to be a teacher and his father is a maths professor.)
TRANSLTR, the NSA's secret encryption-breaking computer, has its own power supply, a bomb-resistant roof, three million processors in parallel and a $US1.9 billion price tag. Add virus protection for Africa to keep away nasties sent by those tree-hugging freedom fighters. It's all complete fiction of course; no one would spend that much on technology.
If you think I'm trying to parlay reading a dodgy airport novel (a friend couldn't read more than a few pages of Da Vinci) into a column about security, you're right. Microsoft's Steve Riley has reminded several hundred people this week that companies need to at least try to keep up with the bad guys. Firewalls, sure, but also PC-level protection, mutual authentication, encrypting internal network traffic, monitoring outgoing traffic and controlling access to devices. Security as default; paranoia as default.
Riley, a frequent visitor to these islands, is a technologist so he didn't talk so much about policy or hiring a dedicated IT security manager.
IDG, the publisher of Computerworld, has a publication in the US devoted entirely to IT security bosses, CSO. In one recent article, CSO suggested that the task of maintaining secure computer networks may have outgrown the IT department. These days, it says, IT security is as much about sleuthing as it is about technology, and it requires the instincts of a cop, albeit a cop with some serious technology training. The suggestion was made that IT people aren’t up to the job because, sadly, they trust people. CIOs might also already have way too much on their plates.
They're certainly thinking a lot about security. A poll of US CIOs last month found that security continues to dominate their list of priorities, with 56% planning to spend more on security software over the next year -- an increase of 10% from the month before.
Another US survey of IT leaders found that security remains a huge concern, with 57% of those polled saying that viruses, worms and other attacks cause the greatest expense or potential for disruption on a daily basis, while 24% said patch management is the most costly or disruptive security task.
It's clearly better to have a fence at the top of a cliff than an ambulance at the bottom, but it's a harder argument to make to those holding the purse strings.
In an October 2003 survey by the US edition of CIO magazine, respondents who described themselves as "very confident" in their companies' security were nearly twice as likely to have information security reporting outside of IT than those who described themselves as "not at all confident" in their security. The confident companies suffered nearly six times fewer security events, had less downtime and fewer financial losses than the less confident companies. They also spent double the percentage of the IT budget on security (14% versus 7%) and paid more attention to organisational reporting and security policy issues.
Of course, if your budget is a few billion dollars, what's a few more noughts?
- On a much more pleasant note, congratulations to all the Computerworld Excellence Awards finalists. It was great to meet a few of them and some of the hard-working judges. See you -- and 500 of your colleagues -- on June 25 for another very pleasant night.
Broatch is Computerworld's deputy editor. Send letters for publication to Computerworld Letters.