Return-Path: <sentto-279987-3848-1005489758-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Sun, 11 Nov 2001 06:44:07 -0800 (PST) Received: (qmail 32494 invoked by uid 510); 11 Nov 2001 14:41:32 -0000 Received: from n9.groups.yahoo.com (216.115.96.59) by all.net with SMTP; 11 Nov 2001 14:41:32 -0000 X-eGroups-Return: sentto-279987-3848-1005489758-fc=all.net@returns.groups.yahoo.com Received: from [10.1.1.224] by n9.groups.yahoo.com with NNFMP; 11 Nov 2001 14:42:38 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 11 Nov 2001 14:42:37 -0000 Received: (qmail 3812 invoked from network); 11 Nov 2001 14:42:36 -0000 Received: from unknown (216.115.97.171) by m6.grp.snv.yahoo.com with QMQP; 11 Nov 2001 14:42:36 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta3.grp.snv.yahoo.com with SMTP; 11 Nov 2001 14:42:36 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fABEh3313328 for iwar@onelist.com; Sun, 11 Nov 2001 06:43:03 -0800 Message-Id: <200111111443.fABEh3313328@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sun, 11 Nov 2001 06:43:03 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Government.Brandishes.New.Powers.in.Cybersecurity] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Government Brandishes New Powers in Cybersecurity By Andy Sullivan, Reuters, 11/9/2001 <a href="http://dailynews.yahoo.com/h/nm/20011109/tc/tech_cybersecurity_policy_dc_1.html">http://dailynews.yahoo.com/h/nm/20011109/tc/tech_cybersecurity_policy_dc_1.html> In Washington, the change in the national mood since September 11 is plain to see. The famous marble monuments stand ringed by makeshift concrete barricades. White police vans sit in parking lots formerly filled with tour buses. Guard dogs prowl outside the White House, while up on Capitol Hill moon-suited investigators sweep for traces of anthrax. Security suddenly tops the high-tech agenda, as well, crowding out debates about Internet sales taxes, digital piracy, consumer privacy, and other previously hot topics. President Bush (news - web sites) two weeks ago signed a bill giving the FBI (news - web sites) sweeping new investigative powers, making it easier for the government to track Internet users' e-mail and Web-surfing habits. Other proposals before Congress would encourage the use of ''biometric'' devices that scan faces and retinas to assess identity and impose limits on open-government laws to encourage companies to share information about cyberattacks. But most cybersecurity efforts would not have so noticeable an impact on American life. Yet, initiatives to boost funding, raise awareness and lower bureaucratic barriers are more important than ever after September 11, experts say. Many see a parallel to the Y2K bug, which motivated businesses and governments to ensure their computer systems would not be wiped out at midnight, January 1, 2000. Utah Sen. Robert Bennett wants the Securities and Exchange Commission (news - web sites) to require public companies to disclose the extent to which they are prepared for a cyberattack in their quarterly reports, just as they were required to do with Y2K efforts. GOVERNMENT SEEKS SECURE NETWORK The Nimda computer worm that emerged a week after the September 11 attacks, knocking out the computer systems of nearby Fairfax County in Northern Virginia, highlighted the vulnerability many government systems face from cyberattacks. The Bush Administration recently appointed a panel to beef up cybersecurity across 43 government agencies and in the private sector. Panel chair Richard Clarke, a seasoned security official, made waves earlier this month when he called for a secure, segregated government network for top-secret communications that would be completely separated from the Internet. The proposal was met with skepticism in many quarters. ``It simply won't work,'' said a report issued by Forrester Research, a Cambridge, Massachusetts, research firm. ``A massive, completely partitioned government network is a pipe dream.'' Report author Frank Prince and others note that the network, which would probably carry a hefty price tag, would still be vulnerable to attacks because it would be used by people who may not follow strict security procedures. Users may try to link to the Internet as well, said James Andrew Lewis, a senior fellow at the Center for Strategic and International Studies. ``The Internet is so attractive, people would try to jury-rig a connection,'' he said. Another approach aims at making sensitive information less vulnerable by sharing intelligence regarding security threats. The FBI's National Infrastructure Protection Center encourages government agencies and businesses to report cyberattacks and issues periodic warnings about computer viruses and other threats. COMPANIES DON'T WANT TO SHARE PRIVATE INFORMATION Formed in 1998, the NIPC played a key role in minimizing the damage from the ``Code Red'' Internet worm that targeted government networks this summer. But many private companies are leery of telling the government about their computer vulnerabilities, fearing that open-government laws could expose trade secrets to the public. Bills introduced in both houses of Congress would carve out exemptions in the Freedom of Information Act so computer-security information would be protected without raising antitrust concerns. Civil-liberties advocates point out that these exemptions already exist in the current law as it is written. ``There is a concern about how far-reaching this blanket exemption should be,'' said David Sobel, general counsel at the Electronic Privacy Information Center. But the head of a high-tech industry trade group said most executives he talks with say they do not share critical information because of these concerns. ``The point is, companies do not believe that'' their information will be safe with the government, said Harris Miller, president of Information Technology Association of America. Miller believes the government should spend $10 billion to fix its own vulnerabilities, provide matching grants to state and local governments, provide loans to small businesses and hand out grants for long-term research. Bennett has suggested that government forgive the student loans of college graduates who chose to work in cybersecurity. Former NIPC head Michael Vatis believes the government should fund a ``digital Manhattan Project'' to encourage long-term research into cyberdefenses. ``Some of the research needs to be aimed at mid- to long-term needs, and perhaps at more speculative research that isn't going to yield a profit,'' said Vatis, who now serves as director of the Institute for Security Technology Studies at Dartmouth University. ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST