Return-Path: <sentto-279987-3889-1005841348-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Thu, 15 Nov 2001 08:24:08 -0800 (PST) Received: (qmail 2620 invoked by uid 510); 15 Nov 2001 16:21:17 -0000 Received: from n23.groups.yahoo.com (216.115.96.73) by all.net with SMTP; 15 Nov 2001 16:21:17 -0000 X-eGroups-Return: sentto-279987-3889-1005841348-fc=all.net@returns.groups.yahoo.com Received: from [10.1.4.52] by n23.groups.yahoo.com with NNFMP; 15 Nov 2001 16:22:30 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 15 Nov 2001 16:22:28 -0000 Received: (qmail 66786 invoked from network); 15 Nov 2001 16:22:27 -0000 Received: from unknown (216.115.97.172) by m8.grp.snv.yahoo.com with QMQP; 15 Nov 2001 16:22:27 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta2.grp.snv.yahoo.com with SMTP; 15 Nov 2001 16:22:28 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fAFGNES26182 for iwar@onelist.com; Thu, 15 Nov 2001 08:23:14 -0800 Message-Id: <200111151623.fAFGNES26182@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Thu, 15 Nov 2001 08:23:14 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Companies.reluctant.to.share.cybersecurity.info.with.feds] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Companies reluctant to share cybersecurity info with feds By Bara Vaida, National Journal's Technology Daily, 11/15/2001 http://www.govexec.com/dailyfed/1101/111201td1.htm While Richard Clarke, the nation's chief cybersecurity adviser, is on a mission to foster a partnership between government and the private sector to prevent cyberattacks, Peter Tippett, the vice chairman and chief technologist with TruSecure, is skeptical that a meaningful partnership will develop soon. Tippett, whose company helped the FBI track the origins of the "Love Bug" virus in 2000, said the main obstacle to such a relationship is the strong reluctance within the computer-security industry to share information with the government. TruSecure runs an e-mail list that includes more than 100 computer-security firms as subscribers. Everyone on that list knows each other, and they meet in person at quarterly meetings. Members trust each other enough to share current information about computer break-ins, denial-of-service attacks and viruses so they can quickly let their clients know of imminent attacks. Government officials from the FBI and the White House have tried to join the list, but members have rebuffed the requests because they are uneasy about the government accessing their conversations. "The government asks, 'Can we be in on those discussions?' " Tippett said in a recent interview with National Journal's Technology Daily. "And we say, 'No. We trust each other, and we don't trust you ... to keep it confidential.' " Tippett said he has offered instead to designate someone to communicate with the FBI about imminent attacks. "Each of these vendors trusts us, so I've said we'd be happy to provide a liaison who will translate what is going on, with a one- or two-minute delay," Tippett said. "I made the offer four times to the FBI, and they haven't taken that up." Not all experts share Tippett's view. Ken Watson, the manager of critical infrastructure protection at Cisco Systems and head of the Information Technology Information Sharing and Analysis Center (IT-ISAC), perceives a growing partnership between the government and private sector. The Clinton administration moved to create information-sharing centers for each economic sector that involves critical infrastructure The IT-ISAC was created in January. "I think the IT-ISAC is working well," Watson said. "The advantages to companies who join are that they get early warning to threats and vulnerabilities, and get solutions they would not have otherwise." Tippett, however, remains skeptical of the usefulness of the ISACs. Based on his experience at several ISAC meetings, he said most company officials still express reluctance to share up-to-the-minute information with the government. "I gave a presentation to an ISAC meeting a few weeks ago, and there was a lot of discussion about how hard it is to share information," Tippett said. "No one wanted to share it because of concerns about privacy." As to the potential for a coordinated cyberattack, Tippett said the Internet is under such intense attack already that a coordinated effort would not necessarily be any more significant than the existing random attacks. "The attack rate is already so high, the frequency of malicious activity is so high, that an attack of a nation-state isn't necessarily" worse, he said. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Quit now for Great American Smokeout http://us.click.yahoo.com/B0gGED/9pSDAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST