From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Sat, 20 Oct 2001 07:03:40 -0700 (PDT)
Subject: [iwar] [fc:New.focus.on.infrastructure.protection.emerging]

New focus on infrastructure protection emerging
By Dan Verton, ComputerWorld, 10/19/2001
http://www.computerworld.com/storyba/0,4125,NAV47_STO64888,00.html

Despite the fear of biological warfare that has paralyzed portions of the nation's capital, a picture of renewed cooperation between the government and industry on critical infrastructure protection is beginning to emerge.

On Tuesday, the Bush administration finalized the executive order establishing the President's Critical Infrastructure Protection Board under Richard Clarke, the nation's newly appointed de facto cybersecurity czar.

The administration had approved the order in draft form at least four months ago. However, the finalized order clears up many of the questions that had emerged about the future of various federal agencies that have a stake in critical infrastructure protection efforts, including cybersecurity.

Although many were uncertain about the future roles of the FBI's National Infrastructure Protection Center (NIPC) and the Commerce Department's Critical Infrastructure Assurance Office (CIAO), the executive order names the directors of both agencies as members of the board's coordinating committee, effectively ensuring the agencies' survival.

The NIPC, based at FBI headquarters, was formed in 1998 to handle threat assessment, investigations and responses to any attacks on critical U.S. infrastructures. Also established in 1998, the CIAO is responsible mainly for integrating various private-sector security plans into a single national plan, known as the National Plan for Information Systems Protection.

"We're a member of the board," said John Tritak, director of the CIAO, when asked if the executive order had cleared up any doubts he may have had about his agency's future. "It ensures a dedicated line of funding."

The order also formally established a National Infrastructure Advisory Council (NIAC), a 30-member panel of private-sector experts that will advise the president on the security of information systems that support various sectors of the economy, such as banking and finance, transportation, manufacturing and energy. Industry CEOs will comprise the bulk of the NIAC, which is charged with enhancing security cooperation between private companies and the government.

Meanwhile, Sen. Robert Bennett (R-Utah), a member of the Senate Republican High Tech Task Force and former chair of the Senate Special Committee on the Year 2000 Technology Problem, is preparing to push hard for legislation that would create incentives for companies to share more information on cybervulnerabilities with the government.

To date, companies have largely refused to hand over a lot of information out of fear that the Freedom of Information Act (FOIA) would lead to the loss of proprietary trade secrets.

"It's not enough for industry to talk to itself," said Bennett, who recently introduced the Critical Infrastructure Information Security Act of 2001, which would remove impediments to information sharing, such as FOIA.

"If you do not put this legislation in place, private industry will not tell the government [about their systems]," said Bennett, who spoke at a conference on homeland cyberdefenses sponsored by the Center for Strategic and International Studies and the Information Technology Association of America.

However, Bennett sharply criticized the private sector's track record on information sharing. For example, he said, during Y2k preparations, industry adopted a "fail and fix strategy," because allowing systems to fail first was cheaper than making an investment in the future that offered no immediate return.

It took intervention by the Securities and Exchange Commission, in the form of mandatory information security preparedness reporting, to get companies to change their mind-set, he said.

"If you adopt [a] fail and fix [attitude] with regard to cyberterrorism, you're going to have much higher costs," said Bennett.

Ron Dick, director of the NIPC, said the Bush administration's executive order establishing the Critical Infrastructure Protection Board raises the bar on accountability in the federal sector through explicit language that holds the heads of federal agencies responsible for the security of their IT systems and networks.

"That's an important step," said Dick. "The government is hopefully going to be an example to the private sector."

"Today, many in industry are not convinced that they should be putting their shareholder dollars into critical infrastructure protection," said Duane Andrews, a former assistant secretary of defense for command, control, communications and intelligence who now serves as executive vice president of San Diego-based Science Applications International Corp.

The government must "hold our agency heads, military commanders and line managers in industry accountable," he said. "Management has to be held accountable ... if we're going to make progress in cybersecurity."

This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:56 PST