[iwar] [fc:Cyber.Security.Key.to.New.U.S.Initiative]

From: Fred Cohen (fc@all.net)
Date: 2001-10-09 09:29:58


Return-Path: <sentto-279987-2806-1002644999-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 09 Oct 2001 09:31:08 -0700 (PDT)
Received: (qmail 21494 invoked by uid 510); 9 Oct 2001 16:29:54 -0000
Received: from n1.groups.yahoo.com (216.115.96.51) by 204.181.12.215 with SMTP; 9 Oct 2001 16:29:54 -0000
X-eGroups-Return: sentto-279987-2806-1002644999-fc=all.net@returns.onelist.com
Received: from [10.1.4.56] by n1.groups.yahoo.com with NNFMP; 09 Oct 2001 16:29:57 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_4_1); 9 Oct 2001 16:29:59 -0000
Received: (qmail 60807 invoked from network); 9 Oct 2001 16:29:59 -0000
Received: from unknown (10.1.10.27) by l10.egroups.com with QMQP; 9 Oct 2001 16:29:59 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta2 with SMTP; 9 Oct 2001 16:29:58 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id JAA24183 for iwar@onelist.com; Tue, 9 Oct 2001 09:29:58 -0700
Message-Id: <200110091629.JAA24183@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Tue, 9 Oct 2001 09:29:58 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Cyber.Security.Key.to.New.U.S.Initiative]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Cyber Security Key to New U.S Initiative

By Jay Lyman, www.NewsFactor.com, 10/9/2001
<a href="http://dailynews.yahoo.com/h/nf/20011009/tc/14015_1.html">http://dailynews.yahoo.com/h/nf/20011009/tc/14015_1.html>

Federal and other officials say that cyber security will be a key
component of the new Office of Homeland Security -- but some computer
security experts worry that more bureaucracy will bog down protection. 

While the man named to head the new office, former Pennsylvania governor
Tom Ridge, has a history of tapping technology for public policy issues,
there is concern over his ability to coordinate some 40 agencies,
including the Federal Bureau of Investigation (FBI (news - web sites))
and the Central Intelligence Agency (news - web sites) (CIA (news - web
sites)). 

And although officials as high as the President of the United States
stress the value of secure information in the war on terrorism, industry
experts doubt that government can cut through the red tape to protect
the Internet. 

"I think there's a big need [for cyber security], but I'm not sure the
way the government is going about it will really have much effect,"
SecurityFocus incident analyst Ryan Russell told NewsFactor Network.  "I
think we're a long way off from being secure.  The best we can do is act
responsively, and I don't see that changing for at least the next
decade."

Information Is Power

There has been some skepticism that a new Office of Homeland Security is
the best way to address the kinds of security gaps that allowed
September's hijackers to slip through the system, and to prevent future
attacks, including on the Web.  But at Ridge's swearing in on Monday,
President George W.  Bush (news - web sites) said the new office has his
weight behind it. 

"The Homeland Security Office has a series of specific goals, and will
have my authority to meet them," the President said.  "One, take the
strongest possible precautions against terrorism by bringing together
the best information and intelligence.  In the war on terror, knowledge
is power."

While it is still taking shape, the "homeland defense" initiative also
includes a new deputy national security adviser who will coordinate
anti-terrorism efforts of the National Security Council, which now
includes an Office of Cyber Security. 

Tech Admins Only

Still, security experts like Russell say that cyber security problems
center on the need for system administrators, not federal
administrators. 

"It looks like most of the problems out there have to do with bodies to
do the work," he told NewsFactor. 

Russell, who recalled a two-day authority delay when he was asked to
look at a government agency server, said officials typically focus too
much on "penetration testing" to find out whether systems are
vulnerable, leaving the same security holes year after year. 

"They're finding gaping, massive holes and keep coming back and finding
the same problems over and over again," he said.  "You never can tell
what's going to result, but I'm skeptical based on the past."

A New World

Russell did say that the terrorist attacks may have changed the mindsets
of government officials and large software makers like Microsoft
(Nasdaq: MSFT - news), putting a new priority on security. 

"They seem to be acknowledging there is a systemic problem," Russell
said, adding that government is a large user of Microsoft products and
has the same security problems as other users of the popular software. 

Speaking at the White House on Monday, Ridge -- who has made deals with
Microsoft, Unisys and other technology companies while governor of
Pennsylvania -- indicated a need to bring together the various federal,
state and local agencies involved in securing everything from local
highways to the information superhighway.  He added that candor and
cooperation would be the driving principle for the new office. 

"The President's executive order states that we must detect, prepare
for, prevent, protect against, respond to and recover from terrorist
attacks -- an extraordinary mission," Ridge said.  "But we will carry it
out."

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST