Return-Path: <sentto-279987-2890-1002963328-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Sat, 13 Oct 2001 01:56:09 -0700 (PDT) Received: (qmail 14670 invoked by uid 510); 13 Oct 2001 08:55:15 -0000 Received: from n12.groups.yahoo.com (216.115.96.62) by 204.181.12.215 with SMTP; 13 Oct 2001 08:55:15 -0000 X-eGroups-Return: sentto-279987-2890-1002963328-fc=all.net@returns.onelist.com Received: from [10.1.1.221] by n12.groups.yahoo.com with NNFMP; 13 Oct 2001 08:55:28 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 13 Oct 2001 08:55:27 -0000 Received: (qmail 57413 invoked from network); 13 Oct 2001 08:55:26 -0000 Received: from unknown (10.1.10.142) by 10.1.1.221 with QMQP; 13 Oct 2001 08:55:26 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 13 Oct 2001 08:55:26 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id BAA01388 for iwar@onelist.com; Sat, 13 Oct 2001 01:55:26 -0700 Message-Id: <200110130855.BAA01388@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sat, 13 Oct 2001 01:55:26 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:More.cybersecurity.study.'crucial'] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit More cybersecurity study 'crucial' By Greg Langlois, Federal Computer Week, 10/11/2001 <a href="http://www.fcw.com/fcw/articles/2001/1008/web-cip-10-11-01.asp">http://www.fcw.com/fcw/articles/2001/1008/web-cip-10-11-01.asp> New research funds-and possibly a new way of thinking-are necessary to meet an urgent need to secure computer networks supporting the nation's critical infrastructure, said academic, industry and government panelists at a congressional hearing Oct. 10. The number of academic researchers examining computer security is dangerously low, and the federal government needs to provide more money and focused support to change that, panelists told members of the House Science Committee. William Wulf, president of the National Academy of Engineering and a professor at the University of Virginia, said he "was simply appalled" at the state of security research since he returned to academia after 15 years in the commercial world. Only 100 to 200 people are pursuing serious security research, he said. "Well-funded, long-term basic research on computer security is crucial to our national security," Wulf said. No federal funding agency, such as the National Science Foundation or the Defense Advanced Research Projects Agency, has taken responsibility for basic computer security research, he said. Because no agency feels it "owns" the problem, the government has funded only sporadic research projects, he said. "No one has questioned the underlying assumptions on cybersecurity that were established in the 1960s mainframe environment," he said. One of those assumptions he calls the "Maginot Line" model, after France's famed defense that failed to stop Germany from making "an end run around them" in World War II, he said. Similarly, cyberspace attackers can bypass firewalls, and "once inside, the entire system is compromised," he said. Eugene Spafford, director of Purdue University's Center for Education and Research in Information Assurance and Security, said that after a quick survey of 24 universities, he found that only 23 students involved in cybersecurity research have earned doctorate degrees in the past three years. "We cannot hope to protect our information infrastructure without a sustained commitment to the conduct of research-both basic and applied -and the development of new experts," Spafford said. Terry Vickers Benzel, vice president of advanced security research at Network Associates Inc., said a cyberattack combined with another kind of terrorist attack, such as on a water-treatment facility, could result in a scenario that's "beyond frightening," she said. Research and development money needs to increase "dramatically," she said. "The threats are extreme and serious," Benzel said. And with limited research being conducted, "we don't really know how vulnerable we are." ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST