Return-Path: <sentto-279987-3868-1005707544-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Tue, 13 Nov 2001 19:15:08 -0800 (PST) Received: (qmail 11720 invoked by uid 510); 14 Nov 2001 03:11:15 -0000 Received: from n21.groups.yahoo.com (216.115.96.71) by all.net with SMTP; 14 Nov 2001 03:11:15 -0000 X-eGroups-Return: sentto-279987-3868-1005707544-fc=all.net@returns.groups.yahoo.com Received: from [10.1.4.53] by n21.groups.yahoo.com with NNFMP; 14 Nov 2001 03:09:27 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 14 Nov 2001 03:12:24 -0000 Received: (qmail 99020 invoked from network); 14 Nov 2001 03:12:24 -0000 Received: from unknown (216.115.97.172) by m9.grp.snv.yahoo.com with QMQP; 14 Nov 2001 03:12:24 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta2.grp.snv.yahoo.com with SMTP; 14 Nov 2001 03:12:24 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fAE3D3X29815 for iwar@onelist.com; Tue, 13 Nov 2001 19:13:03 -0800 Message-Id: <200111140313.fAE3D3X29815@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 13 Nov 2001 19:13:02 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Feds.Fail.To.Protect.Their.Own.Computers] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Feds Fail To Protect Their Own Computers By Tim McDonald, www.NewsFactor.com, 11/13/2001 <a href="http://dailynews.yahoo.com/h/nf/20011112/tc/14719_1.html">http://dailynews.yahoo.com/h/nf/20011112/tc/14719_1.html> The U.S. government is giving itself more power to cyber-snoop on citizens and suspected terrorists, but in the wake of heightened fears of possible attacks on the country's critical information technology systems, its own computer security is getting worse instead of better, according to a government report. A House panel responsible for reviewing government security systems gave an overall grade of "F" to the 24 agencies it scrutinized. That is a marked decrease from the "D" it issued in September of 2000. "The nation cannot afford to ignore the risks associated with cyber-attacks," Representative Stephen Horn, California Republican and chairman of the House Government Reform Sub-Committee on Government Efficiency, said. "Federal agencies rely on computer systems to support critical operations that are essential to the health and well-being of millions of Americans." Two-Thirds Fail Horn's committee, and a report issued by the General Accounting Office (news - web sites) (GAO), said that government computers offer little protection against terrorists and hackers. A full two-thirds of the federal agencies reviewed got failing grades, based on Office of Management and Budget (OMB) reports and GAO audits. Only the National Science Foundation (news - web sites) excelled, with a grade of B-plus. Other agencies with grades higher than "D" were: the Social Security Administration (news - web sites) with a C-plus, and NASA (news - web sites) with a C-minus. Of the 24 largest government agencies, 16 received an "F." "Weaknesses continued to be reported in each of the 24 agencies included in our review," the report said. "And they covered all six major areas of general controls -- the policies, procedures, and technical controls that apply to all or a large segment of an entity's information systems and help ensure their proper operation." "Well, this is the government -- everybody knows what the problems are, but the difficulty is you've got an inert system that is designed to fall further and further behind the technology," James Adams, senior analyst with the Center for Strategic International Studies, told NewsFactor Network. "It takes me and you 30 seconds to upgrade a [security] firewall; to do that in the government takes you six months. Bureaucracies are not designed to manage a revolution. They're designed to be very, very slowly evolving -- and that's not what is needed here." 'Digital Pearl Harbor' Government agencies, required by a new law to report to the OMB on their campaigns to update and maintain security systems, are easy prey to their own watchdogs. The GAO routinely breaks into federal online systems to test security, encountering little resistance, GAO investigators said. At the Commerce Department (news - web sites), investigators found that some computers required no passwords at all to sign on; others had lists of passwords in plain view on the computers themselves, and some had the word "password" as passwords. The GAO report cited U.S. intelligence sources as warning that at least 20 countries are developing cyber-warfare techniques and strategies that target American military and private sector data networks. "While the warning of a potential "digital Pearl Harbor" has been raised in the past, the events of September 11, 2001, further underscored the need to protect America's cyberspace against potentially disastrous cyber-attacks," the report said. Separate Net for Feds? President George W. Bush (news - web sites) two weeks ago signed a bill that provides the Federal Bureau of Investigation with broad new investigative powers, enabling agents to track the e-mail and Web-surfing habits of individual Internet users. Bush also recently appointed a panel to improve cyber-security in 43 government agencies and in the private sector. The head of that panel, Richard Smith, has called for a separate, secure government network for top-secret communications -- a suggestion that has met with resistance from critics, some of whom argue it is not technologically possible. More than 90 percent of the country's critical infrastructure systems, such as those involving telecommunications, financial systems and utilities, are owned by and managed by private companies. There has been a recent move to have the Securities and Exchange Commission (news - web sites) require public companies to disclose their preparedness for a cyber-attack in their quarterly reports. The move would not be unprecedented -- public companies were required to provide similar information regarding their Y2K compliance efforts. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Universal Inkjet Refill Kit $29.95 Refill any ink cartridge for less! Includes black and color ink. http://us.click.yahoo.com/Vv.L9D/MkNDAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST