Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 10/07/02 issue

Where are they now...

Lynn McNulty

By Nancy Ferris, Special to GCN

Lynn McNulty held the entirely unofficial title of “Mr. Civilian Government Information Security” during his seven years as associate director for computer security at NIST. That period, from 1988 to 1995, coincided with the virtually universal deployment of computers on federal desktops and ubiquitous networking of those computers. It all presented security problems undreamed of in the mainframe era.

Toward the end of McNulty’s NIST tenure, federal desktop systems were being connected to the Internet, raising the security stakes still further. Throughout these technology changes and controversy over issues such as encryption, he remained a voice of reason and practicality, often consulted by Congress and the White House.

Today, he provides consulting services to public- and private-sector clients through his firm, McNulty and Associates of McLean, Va. His resume also includes a stint as director of government affairs for RSA Security from 1997 through 2000. Earlier in his government career he was the first director of information systems security at the State Department and worked in computer security at the Federal Aviation Administration.

McNulty’s thoughts: “Over the last decade or more, we have made major advances in one area of security: problem recognition. For example, it would have been unimaginable around 1990 to have a cybersecurity adviser to the president, as we have today in Richard Clarke.

“But are we doing a better job of protecting our information systems and the information they contain? In many cases, I don’t think we are. The problem keeps developing and remains one step ahead of the solutions. We also suffer from resource shortages.

“I think information security will be a profound issue for the next 20 years or more. Government and industry must continue to work together on security. The government understands the threats fairly well, but it cannot respond unilaterally because it relies on commercial hardware and software. I think the industry has to be more active in producing secure products than it has in the past. Security features are always coming in the next release, and they never get here.

“One important development in the last 10 or 15 years is that information security has emerged as a separate and distinct career field. I was one of the first people to make a career out of information security, but today there are many people who devote their careers to this field. Many of them have more technical expertise than I had when I began this work, and that’s good. In government, we need tech-savvy people who also understand policy and management issues.

“New kinds of security threats have emerged over the last few months in the area of homeland security. We are not yet able to ensure continuity of public services at the state and local levels, as well as the federal level, and secure communications among all the many public-safety agencies is still a problem. The issue of wireless security will be a major challenge over the next decade.”
Previous << 1 2 3 4 5 6 7 8 9 10 11 12 13 >> Next