From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Fri, 19 Oct 2001 07:30:29 -0700 (PDT)
Subject: [iwar] [fc:Cyber-Terrorism.Fears.Stoke.Industry-Govt..Cooperation]

Cyber-Terrorism Fears Stoke Industry-Govt. Cooperation

By Brian Krebs, Newsbytes, 10/19/2001
http://www.newsbytes.com/news/01/171281.html

Private industry and the federal government for years have been aware of the need to beef up information sharing on cyber-vulnerabilities to help ward off potential terrorist attacks on the nation's most vital computer systems.

Yet, it has taken the events of Sept. 11 to really place the issue on the front burner, according to leaders from both sectors.

"There has always been an awareness that national security is a very big business concern," said John Tritak, head of the Bush administration's point agency for fostering cooperation between the public and private sector. "The urgency has not changed, but the appreciation that there's an urgency has."

Ron Dick, director of the FBI's computer crime division, said the agency now conducts multiple daily briefings with industry groups representing the power, water and financial services industries to swap data on possible points of cyber-attack.

The increased cooperation comes as the FBI warns that terrorists could soon target vulnerabilities in systems that regulate the nation's most critical infrastructures, such as the national power grid and the telecommunications network.

Sen. Robert Bennett, R-Utah, said the next physical terrorist attack on U.S. targets will likely be accompanied by a simultaneous attack on computer systems used to coordinate an emergency response.

"Realize how the two can be tied together to produce the maximum terror and fear, so that not only has something very spectacular blown up, but we can't do anything about it because our computers are shut down," Bennett said today at a conference sponsored by the Center for Strategic and International Studies.

While both sides cheer the relatively nascent cooperative efforts, Congress and industry have determined that the data sharing will go only so far without legal guarantees giving companies a limited exemption from antitrust scrutiny for sharing cyber-attack information. Corporations also want to limit information that may be obtained by the press or public through the Freedom of Information Act.

Bennett and Sen. Jon Kyl, R-Ariz., recently introduced legislation to enact such protections. Reps. Tom Davis, R-Va., and James Moran, D-Va., have proposed a similar measure in the House.

Bennett, who played a key role in drafting similar legislation in preparation for the Y2K conversion, said the response to his legislation from both industry and fellow lawmakers has been overwhelmingly positive.

So far, however, intense internecine squabbling among various Senate committee chairmen with jurisdiction over the measure typifies the sort of stovepiping that has stymied stronger interagency cooperation on cyber-security issues to date, Bennett said.

"Everybody likes my bill, but we can't find a home for it. They say hell hath no fury like a congressional chairman whose jurisdiction is challenged," he said.

"Various chairmen of the various committees say, 'Yes, this is an important problem, and I will handle it.' Every one of them is willing to take on the issue, but not one is willing to give up jurisdiction to anyone else," Bennett said. "At the moment, (Senate Majority Leader Tom) Daschle is struggling with how he can deal with the various maharajas who preside over these committees."

Bennett's bill would encourage industry sectors to share data on computer intrusions and network vulnerability with the government, which would in turn compare the information with data gleaned from other sectors and provide industry with a meta-analysis of the data.

Bennett said he was engaged in ongoing discussions with the new chairman of the Securities and Exchange Commission to see if the SEC might be amenable to issuing a rulemaking that would require companies to detail their information security measures in their quarterly SEC filing, in much the same way companies were required to list their Y2K remediation efforts leading up to the date change.

"If you adopt a fail-and-fix notion with respect to cyber-terrorism, you're going to have much higher costs than if you address the issue up front," Bennett said. "If we can get the SEC and other agencies to get people to understand that, we will go a long way toward getting the advantages that come out of remediation activities."

But Harris Miller, president of the Information Technology Association of America, said the federal government must first do a better job of coordinating action among its own agency heads accountable for computer crime-fighting agencies.

"The alphabet soup of government agencies charged with some aspect of computer crime prevention makes it easy to see why progress has been slow," Miller said.

Miller's comments were reinforced by a General Accounting Office (GAO) report issued today, which found the number one obstacle to greater information sharing among federal organizations was settling on a common approach for sharing such data.

Last week, the Bush administration signed an executive order to establish a critical infrastructure protection board, to be staffed by the major agency chief information officers. Those agency chiefs would in turn answer to longtime national security aide Richard Clarke, tapped earlier this month to be the government's information security czar.

Yet Miller said most federal CIOs he has talked to privately concede they are in desperate need of funding to update the computer equipment needed to carry out their new responsibilities.

In fact, the GAO report cites a general lack of adequate funding as the second biggest obstacle to increased inter-agency cooperation.

Miller suggested the government invest at least $10 billion in federal spending, grants and loans to get the job done.

"Simply saying that this is important is not the same as providing the resources to get the job done," he said.