COTS raises data security concerns

HILTON HEAD, S.C. - Commercial off-the-shelf (COTS) computers and software are playing a big part in military information systems of the future, yet data security in the age of COTS can give systems integrators heartburn.

Jan 1st, 1998

By John Keller

HILTON HEAD, S.C. - Commercial off-the-shelf (COTS) computers and software are playing a big part in military information systems of the future, yet data security in the age of COTS can give systems integrators heartburn.

One of the central issues involves the military`s relinquishing control of important data networks that traffic in sensitive information such as troop movements, staffing levels, and even the financial and medical records of soldiers in the field.

Two pioneering initiatives that seek to make broad use of COTS equipment and services are the U.S. Navy`s so-called Smart Ship and Smart Base programs, explains Rear Adm. John Scudi, director of the shore installation management division of the U.S. Navy Office of the Deputy Chief of Naval Operations for Logistics in Washington.

These programs involve issuing identification cards to military personnel with electronic data stored on chips attached to the cards. This data contains the owner`s banking information and medical history, among other military records. The card would speed permanent or temporary transfers to other bases, deployment details, paycheck bank deposits, and updating needed medical attention such as immunizations.

Scudi made his comments at the U.S. Naval Surface Warfare Center Crane Division Technology Management Symposium & Expo in November at Hilton Head, S.C.

In an automated system of this magnitude, an inadvertent or intentional corruption of software and computer systems from system malfunctions or from a determined information warfare attack could severely hamper troop movements and logistics.

The problem is that with limited control over COTS system software and hardware, military security experts cannot be as proactive as they might like to be in safeguarding important data.

Scudi, however, has a different take on the issue. Although he acknowledges that making widespread use of COTS does raise substantial data security issues, he says he is confident that commercially developed data security measures are perhaps as stringent as military data security - particularly in systems involving money.

Scudi says commercial data security in crucial applications such as automated teller machines is the rival of some of the best military encryption, and may be next to unbreakable. "The COTS world has encryption technology when there`s cash involved like nothing you`ve ever seen."

More in Communications