Return-Path: <sentto-279987-3817-1005231694-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Thu, 08 Nov 2001 07:03:07 -0800 (PST) Received: (qmail 21001 invoked by uid 510); 8 Nov 2001 15:00:34 -0000 Received: from n27.groups.yahoo.com (216.115.96.77) by 204.181.12.215 with SMTP; 8 Nov 2001 15:00:34 -0000 X-eGroups-Return: sentto-279987-3817-1005231694-fc=all.net@returns.groups.yahoo.com Received: from [10.1.1.223] by n27.groups.yahoo.com with NNFMP; 08 Nov 2001 15:01:34 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 8 Nov 2001 15:01:34 -0000 Received: (qmail 99593 invoked from network); 8 Nov 2001 15:01:34 -0000 Received: from unknown (216.115.97.167) by m5.grp.snv.yahoo.com with QMQP; 8 Nov 2001 15:01:34 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta1.grp.snv.yahoo.com with SMTP; 8 Nov 2001 15:01:33 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fA8F1gg06257 for iwar@onelist.com; Thu, 8 Nov 2001 07:01:42 -0800 Message-Id: <200111081501.fA8F1gg06257@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Thu, 8 Nov 2001 07:01:42 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Cyber-security.czar.snubs.ID.plan,.defends.Govnet] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cyber-security czar snubs ID plan, defends Govnet By Elinor Mills Abreu, Reuters, 11/8/2001 <a href="http://news.cnet.com/investor/news/newsitem/0-9900-1028-7816121-0.html?tag=ats">http://news.cnet.com/investor/news/newsitem/0-9900-1028-7816121-0.html?tag=ats> As technology companies promote the idea of a national identification card, the president's special adviser on cyber-security said on Wednesday the idea has little support within the Bush administration. Richard Clarke said he couldn't name one official who supports the idea as proposed, although conceding that the administration doesn't yet have a formal position on the concept. "Everyone I've talked to doesn't think it's a good idea," Clarke said during a dinner speech hosted by Microsoft Corp. as part of its three-day Trusted Computing conference. The idea, raised in the wake of the Sept. 11 attacks, has drawn criticism from civil libertarians who say it would violate individual privacy. Despite those concerns, Larry Ellison of Oracle Corp. was the first to push ID cards, suggesting his company's database software should be used. Sun Microsystems Inc's Scott McNealy was next, and earlier on Wednesday Siebel Systems Inc. announced "Homeland Security" software. Clarke said it is not clear that the country needs to have a mandatory identity card, but suggested there might be a use for credit card-sized smart cards that contain data and microchips. Such cards could be used for specific actions such as boarding airplanes and crossing U.S. borders, he said. "Not one national ID card that we force everybody to have," but multiple, voluntary cards that could improve the efficiency of activities, Clarke added. GOVNET DEFENDED Clarke also defended the idea he proposed in mid-October for the government to consider creating a computer network, dubbed "Govnet," that is separate from the Internet and which would, as a result, be less vulnerable to malicious attacks. He described it as a set of departmental and agency "intranets," which use Internet technologies, that would run on leased fibre optic cable instead of passing through routers and switches connected to the Internet. "It would be impervious to even the most dangerous denial-of-service attack," he said. Denial-of-service attacks are designed to temporarily shut down Web servers or other equipment by bombarding them with so much junk traffic that they can't handle the load. Government employees would still use the Internet, but also have computers linked to Govnet on their desks for internal communications and critical operations, Clarke said. This might be particularly useful for work such as manned space flight and air traffic control, he added. In response to criticisms that a separate network would not be immune from viruses, he said it would at least get viruses "hours or days" after they hit computers on the Internet. Critics also have noted that Govnet couldn't prevent so-called "insider threats," employees who intentionally or inadvertently create security breaches, which make up about 40 percent of network break-ins, Clarke said. To minimise that risk the government could closely monitor employees and require them to use technologies to prove their identity and permission to access the system, he said. "If it turns out to be vastly expensive then we won't do it," Clarke said. "It's is not designed to be a silver bullet" that will solve all the government's cyber-security problems, he added. COST OF DOING BUSINESS Legislation to boost the powers of law enforcement in combating terrorism and the money being spent to provide more security for buildings and digital assets is the cost of doing business going forward, Clarke concluded. "We're paying more for security than we were six weeks ago," he said. "We now understand it is a cost of doing business." The economic costs so far have been trivial, "a few billion dollars," which is minor compared to what the cost could be without the security measures, Clarke noted. In addition to money spent, Americans are having to give up some of their freedoms to privacy. The USA Patriot Act signed into law two weeks ago gives authorities broader rights to tap phones and track Internet, e-mail and cell phone usage, among other things. Under a "sunset provision," certain provisions will expire in five years. "If the administration abuses the law in any way," Clarke said, "Then the law can be re-enacted. We haven't given up civil liberties and privacy." The new law will allow the government to find perpetrators more quickly than they have in the past, he said. In 1998 after the U.S. Air Force computer system was attacked right before the Gulf War, it took officials four days to get nine search warrants to investigate the case, he said. Copyright 2001, Reuters News Service ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST