Military Systems Helping to Ward Off Electronic Snoops

Cold War technology is finding a hot new market in protecting information on the Internet and corporate computer networks.

Harris Computer Systems Corp., SecureWare Inc. and others are selling corporations on high-tech gear that once foiled computer break-ins at the U.S. Defense Department. Those same safeguards appeal to companies that use linked computers known as “intranets” to transfer sensitive data.

“There’s much greater awareness about features that had only been interesting to the government,” said David Arnovitz, president of SecureWare, whose data-protection business was bought by Hewlett-Packard Co. in February.

SecureWare developed the so-called “trusted operating system” that manages First Security Network, the first bank on the Internet.

Other companies sell encryption software, “firewalls” and “tracers” designed to keep electronic snoops from plundering corporate payrolls, business plans and other secrets.

“If someone does establish a beachhead, hopefully these systems will be able to detect and evict them before he or she can do harm,” said Michael Zboray, an Internet security consultant for the Gartner Group in Stamford, Conn.

The company, which converted its data-protection system from defense applications, makes computer operating systems that include locks to keep out unauthorized intruders and “onionskin” layers of access between the Internet and a private network, or between computer users in a corporation.

Zboray estimates the data-security market at $100 million to $120 million this year. He expects that to grow rapidly through the end of the century as more companies hook up to the Internet, the public web of computers used by millions of people each day.

“Nothing is really safe if you open your network to the Internet,” said Wendell Sissler, a network salesman with Client Systems Inc. in Denver.

For companies, security and network management are a logical next step. Many built their networks with expediency--not safety--in mind, said Marcus Ranum, a networking and security consultant at Information Works! in Baltimore.

“Everybody’s network is sort of a mishmash,” he said. “The software developers playing ‘Doom’ are on the same wire as the accounting department crunching numbers.”

Products that set up barriers to online users grabbed Wall Street’s attention in recent months when so-called firewall makers Secure Computing Corp. and Raptor Systems Inc. went public.

Recent break-ins, including one discovered on April Fool’s Day, show that firewalls can’t repel every attack.

“There’s lots more to security than just a firewall,” said Harris Chief Executive E. Courtney Siegel, who said his company’s system wasn’t the one compromised in the break-in.

On April 1, U.S. agents said they discovered that a 21-year-old hacker removed confidential files from some Pentagon computers and penetrated the networks of NASA and the Navy--all from his parents’ apartment in Buenos Aires.

Julio Cesar Ardita gained access by using a basic computer, modem and Harvard University’s Internet site based in Boston.

Ardita recorded the passwords of other users by embedding “sniffer” programs in Harvard’s computers, permitting trespass to sensitive government sites linked to Harvard’s system.

The minimum needs, said Gartner’s Zboray, are systems that can monitor activities of those who, as Ardita did, enter the network illegally, and beefed-up pass codes that create further barriers.

High-profile attacks aside, corporate computing security hasn’t gotten the attention it deserves, said Zboray. “It’s a big blind spot for the community.”

While other companies such as Checkpoint Systems Inc. and Trusted Information Systems Inc. also are tackling the security issue, people will have to get used to systems not being 100% safe, said Client Systems’ Wendell.

Zboray agrees, adding that anything involving humans is ultimately vulnerable.

“The person doing the attacking has time on his side. Someone who means to do you harm is going to wait for your network administrator to screw up,” he said. “Then he’s going to attack.”

Even if the system does keep out the “kid in Belgium,” said Ranum, it doesn’t prevent people at the company from obtaining company secrets left unattended on employees’ desk. “If I really wanted to get behind your system, I’d get a job” there, he said.