[iwar] [fc:Security.experts:.U.S..is.unprepared.for.IT.warfare]

From: Fred Cohen (fc@all.net)
Date: 2001-10-11 07:18:56


Return-Path: <sentto-279987-2868-1002809937-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Thu, 11 Oct 2001 07:20:08 -0700 (PDT)
Received: (qmail 8526 invoked by uid 510); 11 Oct 2001 14:18:47 -0000
Received: from n23.groups.yahoo.com (216.115.96.73) by 204.181.12.215 with SMTP; 11 Oct 2001 14:18:47 -0000
X-eGroups-Return: sentto-279987-2868-1002809937-fc=all.net@returns.onelist.com
Received: from [10.1.1.222] by n23.groups.yahoo.com with NNFMP; 11 Oct 2001 14:18:57 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_4_1); 11 Oct 2001 14:18:56 -0000
Received: (qmail 59531 invoked from network); 11 Oct 2001 14:18:56 -0000
Received: from unknown (10.1.10.27) by 10.1.1.222 with QMQP; 11 Oct 2001 14:18:56 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta2 with SMTP; 11 Oct 2001 14:18:56 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id HAA16829 for iwar@onelist.com; Thu, 11 Oct 2001 07:18:56 -0700
Message-Id: <200110111418.HAA16829@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Thu, 11 Oct 2001 07:18:56 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Security.experts:.U.S..is.unprepared.for.IT.warfare]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Security experts: U.S. is unprepared for IT warfare

ComputerWorld, 10/11/2001
<a href="http://www.computerworld.com/storyba/0,4125,NAV47_STO64653,00.html">http://www.computerworld.com/storyba/0,4125,NAV47_STO64653,00.html>

Top computer security experts told a congressional committee today that
the U.S.  isn't producing the talent or the funding needed to confront
the information warfare threats the country now faces. 

"Our research base in computer security and network security is
miniscule," William Wulf, president of the Washington-based National
Academy of Engineering and a computer security expert, told the House
Science Committee.  "I think we desperately need to do something," he
said. 

Eugene Spafford, a computer science professor who heads West Lafayette,
Ind.-based Purdue University's information assurance center, surveyed 23
leading universities that grant Ph.D.s in computer security and found
that only 20 Ph.D.s were granted in the past three years, "and only a
fraction of those have decided to go into academic positions to help
increase the supply" of researchers, he said. 

Research funding is also inadequate, said Spafford.  The National
Institute of Standards and Technology, a federal agency that funds
critical infrastructure protection research, awarded $5 million in
research grants this year -- enough for just nine of 133 projects
submitted, said Spafford. 

Industry funds some research, but that money is "usually tied to
short-termed deliverables" and includes restrictions on publication of
the results, said Spafford. 

The Science Committee hearing was one of a number held in recent weeks
on information security issues by committees in the U.S.  House and
Senate.  At these hearings, lawmakers have been repeatedly warned that
threats to the Internet and critical systems have increased since
terrorist attacks on the U.S.  on Sept.  11.  That warning was repeated
today. 

"The threats are extensive and serious," said Terry Benzel, vice
president of advanced security research at Santa Clara, Calif.-based
Network Associates Inc.  "A cyberthreat taken in conjunction with a
physical threat of terrorism as we witnessed is beyond frightening," she
said. 

One scenario she outlined was an attack on water-quality systems that
would be simultaneous with a bioterrorist attack.  "We don't really know
how vulnerable we are," said Benzel. 

Wulf said new approaches to software development are also needed.  While
systems administrators can continue to patch systems, this
perimeter-focused or Maginot line system of protection is flawed, he
said.  "It hasn't worked in the past, and it won't work in the future,"
he said. 

One potential security solution is based on a distributed concept. 
"Instead of having this perimeter defense, you have lots of agents
running around seeing if something bad is happening and attacking when
it does," said Wulf. 


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide!
http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST