From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Fri, 28 Sep 2001 12:09:34 -0700 (PDT)
Subject: [iwar] [fc:How.vulnerable.is.the.U.S..IT.infrastructure?]

How vulnerable is the U.S. IT infrastructure?
Cara Garretson, IDG News Service, 9/28/2001
http://www.itworld.com/Tech/2987/IDG010927infrastructure/?idgnet

U.S.
networks are likely targets for terrorist attacks, said lawmakers and representatives of government agencies, academia and the IT industry at a House of Representatives subcommittee hearing Wednesday.

While witnesses agreed that networks are possible targets, they offered differing opinions regarding the cause of vulnerability during testimony to the Committee on Government Reform's Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations.

Representatives from university research groups maintained that commercial software doesn't employ robust enough security to protect government and businesses, as well as home users, from infiltration and attacks, specifically computer viruses and worms that spread through the Internet. But the head of an industry association argued that the problem is the lack of education and prioritization of security issues by all types of users, leaving the country open to cyberattack.

Because much of the technology used today has roots in the personal computing era, when PCs were intended to be stand-alone devices, protecting them from threats that arise once those systems are connected means retrofitting software, said Richard Pethia, director of Computer Engineering Response Team (CERT) Centers with Carnegie Mellon University's Software Engineering Institute.

"We're lacking security, but we have this huge installed base" of software from the PC era, he said. "We can build systems that are much more robust and secure."

Countering this argument, Harris Miller, president of the Information Technology Association of America (ITAA), said that software companies are putting forth a "maximum effort" to produce highly secure products.

"Customers don't want the security features," Miller said, referring to the suggestion made many times during the hearing that companies should ship their software with the highest possible security settings turned on as the default. "It's just like how do you get people to wear seatbelts?"

Emphasis should be placed on educating the country about sound information security practices, Miller said. "Practicing information security as part of homeland defense will pay massive dividends in the future."

Another related discussion was sparked when the subcommittee chairman Representative Stephen Horn, a Republican from California, asked how vulnerable the Internet is to terrorist attacks.

"The possibility is there to take down the Internet," said Michael Vatis, director of the Institute for Security Technology Studies at Dartmouth College, adding that routers and domain name servers are particularly vulnerable. These problems are well known but not addressed, perhaps due to lack of resources or not making them high priorities, he said.

"Much of the Internet is very resilient," tempered CERT's Pethia, "but a few key points like domain name servers don't have redundancy."

Fearing that such statements would lead to newspaper headlines predicting the collapse of the Internet, Miller said that there are risks, but the companies that manage those servers, such as VeriSign Inc, are aware of them and are working on redundancy plans.

One point many of the witnesses agreed upon was the need for more government-sponsored research and development programs to help build better security technology.

"There's a need for more resources. The money that most (computer companies) spend is on short-term development. We need long-term, government-funded research and development," Miller said. Government funded training programs aimed at producing more security specialists would also help, he said.

Considering that computer users today find security features difficult to use, Vatis added that long-term research should focus on developing software with high security levels and low end-user interference.

"The state of the art [of security technology] today is not good enough," he said. "The answer is research and development to design technology that's easier to use."

More information on the Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations can be found at http://www.house.gov/reform/gefmir/.
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:51 PDT