From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Fri, 16 Nov 2001 06:05:25 -0800 (PST)
Subject: [iwar] [fc:Lawmakers.Briefed.on.Buggy.Code]

Lawmakers Briefed on Buggy Code

Tech industry leaders urge neophyte subcommittee to support cyber security FOIA and antitrust exemptions

By Will Rodger
Nov 15 2001 6:56PM PT

WASHINGTON
-- A House subcommittee better known for its privacy concerns took up the issue of computer security Thursday, signaling a sudden interest in a topic once confined to more obscure reaches of the congressional committee system.

Cliff Stearns, R-Fla., chairman of the House Energy and Commerce Committee's Commerce, Trade and Consumer Protection Subcommittee, said insecure systems are nothing new. But the lessons of Sept. 11 have changed the old ways of thinking on Capitol Hill.

"Terrorists and their recruits also have grown up in the digital age and thus most probably possess the technical skills to undertake concerted and effective cyber terror attacks," Stearns said. "Cyber terrorism can potentially engender greater pain and tragedy."

But panelists seemed in no mood to prognosticate future disasters; indeed, the idea that hackers could cause major damage to the nation remains controversial, since no such attack has ever been launched. Instead, witnesses called for more training and more efficient use of the people assigned to do computer security.

Mary Ann Davidson, director of security product management at Oracle, took an apparent swipe at rival Microsoft when she said secure systems would not arise in a "monopoly environment." Still, she said, software developers should create small, elite teams to address security issues before they arise. That way programmers could scrutinize each other's work closely.

Witnesses were unanimous in supporting efforts to shield companies from liability related to computer-security efforts. For instance, the government has urged companies from nearly every sector of the economy to share information about security threats and vulnerabilities -- among themselves and with law enforcement.

But centers set up for information exchange have not been as effective as they might be, panelists said; some lawyers believe such data swapping could be interpreted as violations of U.S. antitrust laws.
Others fear competitors or consumer groups could use the Freedom of Information Act to "out" companies whose security was not up to snuff.

FOIA Exemption Sought

The panel was unanimous in calling for changes to antitrust statutes as well as the Freedom of Information Act. They also wanted an exemption from the Federal Advisory Committee Act, which could make some details of computer insecurities public.

Microsoft Chief Security Officer Howard Schmidt asked the committee to support legislation to do all those things. Efforts to move such a bill out of the Senate Judiciary committee have faltered in the face of opposition from committee chair Patrick Leahy, D-Vt. Leahy and others maintain the changes could let companies sweep problems under the rug.

"The argument against it is that, for some security vulnerabilities, we need more exposure not less. It's the only way things are going to get fixed," said James Dempsey, senior counsel to the Center for Democracy and Technology, after the hearing.

Since information-sharing centers cover all infrastructure, not just computers, Dempsey said, implications could be grave when it comes to the safety of nuclear plants or chemical factories. "The question of what did they know and when did they know it can never be asked."

Subcommittee members moved cautiously through a field that was new to them. Diana DeGette, D-Colo., asked panelists if they had discovered any new vulnerabilities in the nation's networks since Sept. 11.

Dave McCurdy, a former Congressman and president of the Electronic Industries Alliance, explained that security holes are a chronic, ongoing problem. He referred subcommittee members to the Website of the Computer Emergency Response Team at Carnegie-Mellon University for details.

Warren Axlerod, chief of computer security at the Pershing securities clearinghouse in New York City, explained vulnerabilities are a function of computer code itself, rather than efforts to subvert it from the outside.

For all the talk of terrorist crackers, Oracle's Davidson was unabashed in her admiration for many of the world's "white hat" hackers. "As much as no vendor likes hackers going after their product, we learn from them and we build better product because of them," she said.

She even suggested that a proposed government jobs program could do some of that work for the rest of society. "It's not too far fetched to think that a 'cybercorps' of hackers can measurably help secure the nation's critical infrastructure against the hackers of a malicious foreign power," she said.