Cyber-security plan aims to keep private accounts safe

FEDERAL WORKERS

July 07, 2006|By MELISSA HARRIS

In 1981, Mark Hagerty experienced what he called "a minor disagreement with his boss" that left him jobless with a mortgage, a pregnant wife and no college degree. No one, he said, wanted to hire a Miami-based air traffic controller after President Reagan fired them all.

However, they did want to hire computer programmers, and after taking odd jobs answering phones and doing construction Hagerty concluded that happiness required an office with air conditioning. He enrolled in college.

Hagerty, who lives in Crofton, is now responsible for the cyber-security of more than 3.6 million current and former federal workers' retirement savings as chief information officer for the Thrift Savings Plan in Washington.

"I thought, wouldn't it be nice to not have to work in 90-degree weather in Miami?" said the 52-year-old former executive at the National Security Agency. "Those computer programmers looked like they had it made."

In light of recent, high-profile cyber-security errors in the federal government, Hagerty has been called before his agency's board to outline continuing initiatives to protect federal workers' accounts. The next major project will be a switch from the use of Social Security numbers to less-personal account numbers to access the plan's features.

"We have not had anyone break through directly," Hagerty said. "We did have a situation where an e-mail hoax convinced a couple of participants to give up some personal information."

In March, he said, about 500 people called the plan with concerns about an e-mail that directed participants to a Web site that looked exactly like the plan's and asked them to enter personal information, including Social Security and credit card numbers.

"We're transitioning from hacker attempts and viruses to what we see more, what I would characterize as `social engineering.' E-mails lure you to a spoof Web site and glean personal information from you," Hagerty said.

Hagerty said that the plan conducts penetration tests on its systems and sends workers fake social-engineering attacks to "keep them vigilant."

"The threat environment is very fluid," he said. "The bad guys are very creative, and we have to make sure we're on top of their latest games."

Hagerty would not disclose many details about more technical efforts to block hackers and viruses, but he did mention one technological advance that his staff is working on that would have avoided much of the woe caused by the recent theft of a Department of Veterans Affairs laptop containing personal information on millions of current and former military personnel.

If a laptop is stolen and later used to access the Internet, the agency's software would send a signal to the laptop through the Internet connection instructing the machine to scramble its data.

"Everything on the machine would be literally unreadable," Hagerty said. "It would render it unusable and turn it into a paperweight."

Hagerty grew up in Battle Creek, Mich., the son of owners of a sundry store that "sold just about everything except for liquor," he said. He joined the Air Force after high school, serving as an air traffic controller. After leaving the military with the rank of sergeant, he performed the same job for the Federal Aviation Administration until President Reagan fired all of them for striking.

He started college in Miami, but then moved to the Baltimore-Washington area in the mid-1980s after his wife got a job in the Customs Service. He found a job with the Department of Defense.

It took him eight years to earn a bachelor's degree in information systems management, which he received in 1990 from the University of Maryland.

He worked in the private sector for short stints and then oversaw the National Aeronautics and Space Administration's 58,000 desktop computers and engineering workstations.

In 2002, he left NASA to join the National Security Agency as chief of the office of mission assurance, which essentially ensures that the agency's personnel and systems remain up and running during disruptions, such as power failures or attacks.

"The unfortunate thing is that we can build all of the firewalls and computer defenses imaginable, and people still make mistakes," Hagerty said.

The writer welcomes your comments and feedback. She can be reached at melissa.harris@baltsun.com or 410-715-2885. Recent back issues are available at baltimoresun.com/federal.

Baltimore Sun Articles
|
|
|
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.