Issues & Comments 

 
  • The Critical Infrastructure Assurance Washington Summit
  • Technology Forecast
  • Quotes of the Issue

The Critical Infrastructure Assurance Washington Summit - April 18, 2000

Information technology is now an $800 billion industry in the United States. Productivity improvements have sparked one of the greatest periods of economic prosperity in the history of the United States. According to InformationWeek, US productivity grew at approximately 1.5 percent annually between 1970 and the mid-1990s. However, during the last five years of the century, productivity leaped to an average of 2.66 percent annually. This translates into an extra $70 billion of productivity output per year. Similar developments are taking place worldwide. As systems permeate all organizations and society in general, the national economic and security interests have become bound together with our technology infrastructure.

President William J. Clinton has created the Critical Infrastructure Assurance Office of the US Department of Commerce. This department recently called together leading business, technology and information systems control specialists from around the world for a Washington summit to address the critical infrastructure assurance of financial and computer systems in general. This unprecedented support from the highest levels of government in the most technologically wired country in the world emanated from the Y2K systems vulnerability projects. Business and government leaders learned that they essentially bet the company and the country on software dependency.

A call for greater security awareness and systems to address security risk streamed from the presentations of John D. Podesta, the White House Chief of Staff; the Honorable Lawrence H. Summers, Secretary of the Treasury; and Richard A. Clarke, National Coordinator for Security, Infrastructure Protection and Counter Terrorism. It was announced that there will be an IS security program offering scholarships from the government for students who study information security and agree to work in government for a few years.

Concerns were raised over the vast amount of programming that was performed to address the year 2000 issues both inside and outside the United States. If a Trojan horse or trap door requires only two lines of code, then what is the probability that many of these subversive code elements have been entered in the rush to meet the Y2K deadlines? Richard Clarke said, "Productivity gains do not come cheap; we have to pay for systems and security." Security standards from various IS security organizations were provided along with a call for the development of generally accepted security standards. Paul Williams, International President of ISACA® (the publisher of this Journal), discussed the status of security standards and presented all in attendance with a copy of COBIT, which is fast becoming an accepted standard worldwide.

According to Secretary of the Treasury, Lawrence Summers, "IT is a large part of the present and will be a larger part of the future." He called for an organized effort to improve computer security across all systems. The Treasury Secretary suggested we are having an "IT supply shock." Instead of rising prices as in an oil shock, we have falling prices causing a massive implementation, which results in systems that are put in without enough attention to security. Here too it was pointed out that IT is a "bet your business issue." If systems fail, customers will be lost and the economy will suffer.

It was obvious that the Internet denial of service attacks on eBay, Amazon.com, Yahoo and others were a wake-up call to the government agencies concerned about security and counter-terrorism. One of the goals set was to reduce the lag between the development of new technology and adequate security features. The analogy to the airline industry was interesting. Apparently, in the 1930s, early aviators forecasted a tremendous opportunity for improvement in travel via the air. However, recognizing that no one would travel unless it was deemed safe, appropriate measures for safety were factored into the equipment and airline systems. As a result of the dedicated attention to safety and security, air travel is the safest means of transportation today. A call was made for the computer technology industries to make similar investments and achieve higher standards. According to Bill Murray, executive consultant, Deloitte & Touche, the current state of information system security is now analogous to the DC-3 airliner of 1937.

Most who spoke at the summit commented that this computer security risk issue is more a management issue than a technology issue. However, I believe it is a very serious technology issue. In my mind, while management needs to call for better security, the engineering and scientific community within the technology development companies should be the first line of attack. A great deal of time was spent discussing what questions board members should ask; however, implementation requires the development of security features and back-up procedures that are efficient and effective.

A board-level call-to-action document on information security management and assurance was prepared and presented to the attendees at the Summit. This is an excellent publication, and the call for attention to the subject of information system security and control is extremely valuable. My suggestion is to hold similar summits involving the chief engineers from IBM, Oracle, Microsoft, Cisco, AT&T and other leading technology and communications developers. Security needs to be built into the infrastructure of systems while they are in development. The information systems control community can help guide these efforts with the goal of improving security and reliability. Furthermore, government funded projects, such as the Star Wars initiative for potential missile attacks, should be organized to address the potential terrorist threats which helped launch this Presidential initiative.

I admit it! I am a capitalist. I love to see people getting together to create enterprises that result in capital formation, income growth, job creation and goods and services that benefit our society. As the Editor-in-Chief of this technology control magazine, I have watched the interplay of computer technology with business and government enterprise. One of the greatest accomplishments of all time is the growth of productivity as a result of the computer revolution. This productivity boost will fuel further investment in technology. We should make sure a proportionate share of the capital earned is spent on security and control.

It was my privilege to attend this landmark summit. Others are planned around the country to continue to focus attention, as we do every issue, on IS control. To keep ISACA products in the forefront, COBIT® Executive Summaries were given to all summit participants.

Technology Forecast

PricewaterhouseCoopers has published its technology forecast for the year 2000 and beyond. This annual forecast has been presented since 1988 by Bernie Plazman and Eric Berg. Bernie is a long-time contributor to the IS control community and he ensures the technology forecast stays focused on security and control, as well as on technology developments.

The overarching technology trends forecast began with developments on semiconductors. Basically, transistors keep getting smaller resulting in continually lower prices, improved performance and continued proliferation of computing devices. Their forecast is for this trend to continue at least until 2005, at which point "some serious technical challenges begin to intrude."

Storage costs have also dropped significantly from $11.54 per MB in 1988 to $0.07 per MB in 1998. That's a whopping 99 percent reduction in cost! This results in new utilization of technology in business, such as data marts, which improve productivity.

New exciting developments resulting from this trend include disk-based entertainment centers, which will record and store programming with an expanded user interface. For example, users will program the device to select and store chosen subjects for later viewing. Single-chip video cameras and web cams are already changing the social and business paradigm. Families are able to check in on their children. I can view my shipping dock from anywhere, any time, as long as I have web access.

Network capacity is growing as rapidly as, or more rapidly than, semiconductor improvements for processors. High capacity fiber networks and wavelength switching are making broadband (multiple streams of data) a commodity, and all optical networks a reality. However, Internet traffic is doubling every 100 days, which is faster than capacities are improving. Wireless continues to evolve. As this technology evolves, traffic on the web will take another exponential leap!

Another trend is web-delivered application services, which I have been a proponent of for years. These enable sharing and cut down on cost by reducing the installation, maintenance and initial cost of software. Why buy when you can rent? Other trends include e-mail management and wireless-enabled web access. Work was originally performed on paper; it then went to green computer screens, then graphical interfaces and now wireless personal access devices. The trend for users continues to be away from basic PCs to multiple devices. At present these devices include the PC, personal assistant devices such as the Palm Pilot, and cell phones. Eventually, these devices will need to be integrated.

In the enterprise resource planning (ERP) area, the trend is the saturation of the large companies and a move to a portal, less streamlined versions for delivery to smaller companies. Customer relationship management (CRM) utilization is a major trend. Integrating CRM with marketing and ERP core systems is the current evolution in this area.

As always in the IS control world, technology continues to race ahead. Remember, we are a high-maintenance, training-intensive profession. Read this Journal regularly and register for a conference or seminar!

Quotes of the Issue

"We have to keep cyberspace open and free. We have to make computer networks more secure and resilient and we have to do more to protect privacy and civil liberties."
- President Clinton, February 16, 2000

"You go to your TV to turn your brain off. You go to the computer when you want to turn your brain on."
- Steve Jobs


The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.

© 2000 ISACA. All rights reserved.
