Return-Path: <sentto-279987-2868-1002809937-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Thu, 11 Oct 2001 07:20:08 -0700 (PDT) Received: (qmail 8526 invoked by uid 510); 11 Oct 2001 14:18:47 -0000 Received: from n23.groups.yahoo.com (216.115.96.73) by 204.181.12.215 with SMTP; 11 Oct 2001 14:18:47 -0000 X-eGroups-Return: sentto-279987-2868-1002809937-fc=all.net@returns.onelist.com Received: from [10.1.1.222] by n23.groups.yahoo.com with NNFMP; 11 Oct 2001 14:18:57 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 11 Oct 2001 14:18:56 -0000 Received: (qmail 59531 invoked from network); 11 Oct 2001 14:18:56 -0000 Received: from unknown (10.1.10.27) by 10.1.1.222 with QMQP; 11 Oct 2001 14:18:56 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta2 with SMTP; 11 Oct 2001 14:18:56 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id HAA16829 for iwar@onelist.com; Thu, 11 Oct 2001 07:18:56 -0700 Message-Id: <200110111418.HAA16829@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Thu, 11 Oct 2001 07:18:56 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Security.experts:.U.S..is.unprepared.for.IT.warfare] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Security experts: U.S. is unprepared for IT warfare ComputerWorld, 10/11/2001 <a href="http://www.computerworld.com/storyba/0,4125,NAV47_STO64653,00.html">http://www.computerworld.com/storyba/0,4125,NAV47_STO64653,00.html> Top computer security experts told a congressional committee today that the U.S. isn't producing the talent or the funding needed to confront the information warfare threats the country now faces. "Our research base in computer security and network security is miniscule," William Wulf, president of the Washington-based National Academy of Engineering and a computer security expert, told the House Science Committee. "I think we desperately need to do something," he said. Eugene Spafford, a computer science professor who heads West Lafayette, Ind.-based Purdue University's information assurance center, surveyed 23 leading universities that grant Ph.D.s in computer security and found that only 20 Ph.D.s were granted in the past three years, "and only a fraction of those have decided to go into academic positions to help increase the supply" of researchers, he said. Research funding is also inadequate, said Spafford. The National Institute of Standards and Technology, a federal agency that funds critical infrastructure protection research, awarded $5 million in research grants this year -- enough for just nine of 133 projects submitted, said Spafford. Industry funds some research, but that money is "usually tied to short-termed deliverables" and includes restrictions on publication of the results, said Spafford. The Science Committee hearing was one of a number held in recent weeks on information security issues by committees in the U.S. House and Senate. At these hearings, lawmakers have been repeatedly warned that threats to the Internet and critical systems have increased since terrorist attacks on the U.S. on Sept. 11. That warning was repeated today. "The threats are extensive and serious," said Terry Benzel, vice president of advanced security research at Santa Clara, Calif.-based Network Associates Inc. "A cyberthreat taken in conjunction with a physical threat of terrorism as we witnessed is beyond frightening," she said. One scenario she outlined was an attack on water-quality systems that would be simultaneous with a bioterrorist attack. "We don't really know how vulnerable we are," said Benzel. Wulf said new approaches to software development are also needed. While systems administrators can continue to patch systems, this perimeter-focused or Maginot line system of protection is flawed, he said. "It hasn't worked in the past, and it won't work in the future," he said. One potential security solution is based on a distributed concept. "Instead of having this perimeter defense, you have lots of agents running around seeing if something bad is happening and attacking when it does," said Wulf. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide! http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST