Return-Path: <sentto-279987-4478-1013803792-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Fri, 15 Feb 2002 12:12:09 -0800 (PST) Received: (qmail 10499 invoked by uid 510); 15 Feb 2002 20:10:05 -0000 Received: from n20.groups.yahoo.com (216.115.96.70) by all.net with SMTP; 15 Feb 2002 20:10:05 -0000 X-eGroups-Return: sentto-279987-4478-1013803792-fc=all.net@returns.groups.yahoo.com Received: from [216.115.97.166] by n20.groups.yahoo.com with NNFMP; 15 Feb 2002 19:57:21 -0000 X-Sender: fastflyer28@yahoo.com X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-8_0_2); 15 Feb 2002 20:09:51 -0000 Received: (qmail 5412 invoked from network); 15 Feb 2002 20:09:51 -0000 Received: from unknown (216.115.97.167) by m12.grp.snv.yahoo.com with QMQP; 15 Feb 2002 20:09:51 -0000 Received: from unknown (HELO web14505.mail.yahoo.com) (216.136.224.68) by mta1.grp.snv.yahoo.com with SMTP; 15 Feb 2002 20:09:51 -0000 Message-ID: <20020215200951.50384.qmail@web14505.mail.yahoo.com> Received: from [12.78.123.122] by web14505.mail.yahoo.com via HTTP; Fri, 15 Feb 2002 12:09:51 PST To: iwar@yahoogroups.com In-Reply-To: <72222DC86846D411ABD300A0C9EB08A1079C3372@csoc-mail-box.csoconline.com> From: "e.r." <fastflyer28@yahoo.com> X-Yahoo-Profile: fastflyer28 Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Fri, 15 Feb 2002 12:09:51 -0800 (PST) Subject: RE: [iwar] [fc:Cybersecurity.A.Top.Priority:.White.House.Adviser. Presses.Computer.Industry.to.Do.More] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Agreed. Bill will figure out a way to make us pay him more money-with licenses and annual upkeep. He has been at his Country Clun too often. As for Larry, well.. he will do well in the merica's Cup. I will not go any further. All of these guys have egos the size of Montana so we, the great uswashed will suffer along. I hope these boys are enjoying it at out expense. Someone should be. --- "Leo, Ross" <Ross.Leo@csoconline.com> wrote: > All I can say is: > > 1. Hooray Bill! At least you are being realistic by saying "less > vulnerable...". We won't hold our breath, but we will wait and see. > > 2. Once again Larry Ellison grandiloquently pledges the impossible, > and > once again won't deliver. His attention-getting remarks are worse > than > boring. As Anthony Hopkins' character from "The Edge" said "What one > man > can do, another can do." With apologies, "What one man can build, > another > can break". At best Oracle will only be improved (which is fine) - > but > unbreakable? Not very realistic. > > 3. Hooray John! The light comes on. Funny how the leader of the > networking behemoth has only now figured out how fully and completely > network security and networking configuration/performance are > fundamentally > a part of each other such that he is now calling security > enhancements > "necessities"! > > This is good news, at least 2 out of 3 anyway. However. talk is > cheap. > > Ross > > > > > -----Original Message----- > From: Fred Cohen [mailto:fc@all.net] > Sent: Thursday, February 14, 2002 23:48 > To: iwar@onelist.com > Subject: [iwar] > [fc:Cybersecurity.A.Top.Priority:.White.House.Adviser.Presses.Computer.I > ndustry.to.Do.More] > > > Cybersecurity A Top Priority: White House Adviser Presses Computer > Industry > to Do More > > By Ariana Eunjung Cha, Washington Post, 2/10/02 > www.washingtonpost.com > > The unusual announcements from three of the technology industry's > most > powerful men came just weeks apart. > > Microsoft Corp. Chairman Bill Gates declared that making his > company's > software less vulnerable to security breaches would take precedence > over > adding new features. Oracle Corp.'s Larry Ellison pledged to make his > company's database programs "unbreakable." Cisco Systems Inc.'s John > Chambers told clients at a private conference that he no longer > regarded > security enhancements on equipment that directs traffic across the > Internet as extras but as necessities. > > The timing of the announcements was no coincidence. > > Directly or indirectly, the statements were influenced by an > aggressive > public awareness campaign orchestrated by Richard A. Clarke, who in > October took on the new job of White House cyberspace security > adviser. > In private meetings with chief executives and in speeches at > conferences, Clarke has pushed companies to commit themselves to > protecting the online world from attacks by terrorists and other > nefarious parties. > > "There is . . . a growing consensus in government and industry that > we > can no longer continue praising the emperor's new clothes," Clarke > said > in an interview this week. "There is a willingness to admit that > there > are vulnerabilities and it is not inconceivable that they will be > used > against us in a way that could be very damaging to the economy." > > Clarke's push is part of a government-wide effort to improve > cybersecurity and to better coordinate the efforts of bureaucracies > and > corporations. > > Just yesterday, the House passed a bill that would allocate $880 > million > over five years to computer-security research. And a coalition of > companies in partnership with the federal government announced a > National Cybersecurity Campaign to teach home and small-business > computer users how to safeguard their machines. > > Over the past few months Clarke has drawn up his own ambitious > agenda, > which includes: > > * Creating an Underwriters Laboratory-type place to test software > security. > > * Establishing a priority cell-phone system for law enforcement and > medical personnel. > > * Creating a "reverse 911," or multimedia emergency broadcasting > service, to send alerts to people in specific areas on land lines, > cell > phones or computers. > > * Establishing ties with cybersecurity experts in other countries to > coordinate investigations. > > * Setting up a government-run Internet called GovNet. > > Clarke successfully lobbied for an increase from $2.7 billion in > fiscal > year 2002 to $4 billion in 2003 for government-computer security. > > His office has created task forces of major Internet service > providers, > router manufacturers and security experts in and out of government to > develop a plan to protect the basic infrastructure of the Internet. > Their proposals are due in April. > > Clarke is still assembling a staff. He has filled only half of the 16 > jobs. > > The staff so far is a mix of national security officials, businessmen > and technical geeks. Howard Schmidt, the former head of computer > security for Microsoft, started in late January as Clarke's deputy. > Roger Cressey, a career public servant who has worked on > anti-terrorism > efforts in Israel, Somalia and the Balkans, is the chief of staff. > > Also in the office are Paul Kurtz, a longtime National Security > Council > staffer specializing in international relations; Steve Poizner, a > former > Silicon Valley entrepreneur; and Marcus Sachs, a retired army officer > who is better known for being part an elite group of hackers that > helped > the government neutralize the "Code Red" and "Nimda" worms. > > Clarke is emphasizing that government agencies and other interests > talk > and share information. > > "I see that office as having its greatest effect by bringing together > resources that already exist and making them go in the same > direction," > said Allen Paller, director of research for the SANS Institute, a > computer-security think tank in Bethesda. > > The various government agencies in charge of cybersecurity will come > together under one roof this month at the old Y2K initiative > headquarters at 18th and G Street. The Commerce Department's Critical > Infrastructure Assurance Office and the FBI's National Infrastructure > Protection Center outreach operations -- two groups known for past > turf > battles -- will join Clarke's staff. > > There has already been some awkwardness. While Tom Ridge's Office of > Homeland Security has taken the lead in issuing alerts about physical > threats, it has always been the FBI's job to let the public know > about > viruses, worms, hacks and other things that threaten the online > world. > And the mission of Clarke's office overlaps greatly with the Commerce > Department's critical infrastructure unit. > > The groups have temporarily resolved the issues by making sure that > Clarke's office is informed when the FBI issues alerts and by > appointing > John Tritak, director of the Commerce Department unit, as a > high-ranking > member of the critical infrastructure protection board that Clarke > oversees. > > Clarke spent much of his first 100 days in office making the rounds > of > technology companies. Many corporate executives expected feel-good > pep > talks about how government and industry could work hand-in-hand to > prevent cyber attacks. > > Instead, Clarke and his staff brought binders full of research papers > raising questions about security vulnerabilities. They were not above > coaxing or bullying the business officials with threats of regulation > and appeals to patriotism. > > "No vendor wants to appear like they are not being patriotic or > responsive to real concerns about security breaches or flaws now and > I > think Mr. Clarke is very effective at using that to push them to make > changes," said Catherine A. Allen, the chief executive of the > technology > group for the Financial Services Roundtable, which represents the > chief > executives of some of the nation's largest companies. > > Microsoft spokesman Jim Dessler said while the company chose on its > own > to redirect its software development efforts, "it came in the > backdrop > of an increased emphasis in security that has been put forward by > those > in government such as Clarke." > > Mary Ann Davidson, chief security officer at Oracle, said that since > Sept. 11 federal officials have made many people realize that perhaps > "the most frightening type of attack is one that's launched in > cyberspace to bring down our critical infrastructures." > > "To get these companies to put their money where their mouths have > been > for years, that is a major victory for his office," said Gilman > Louie, > who heads In-Q-Tel, the high-tech venture fund financed by the > Central > Intelligence Agency. > > But even as they praise his aggressiveness, some question Clarke's > priorities. > > His proposal to create GovNet has been criticized by many experts as > impractical and costly. His partnership approach to get industry to > do > things voluntarily has clashed with the opinions of groups such as > the > National Academy of Sciences, which recently put out a report that > said > new liability laws are the answer. > > Eugene Spafford, director of Purdue University's Center for Education > and Research in Information Assurance and Security, said Clarke > should > spend more of his energy on getting federal computer systems up to > par. > > "They are starting in the wrong place," Spafford said. "If I were out > in > industry I would find it unpersuasive to be told that I have to spend > a > lot of money on new security without some indication that government > has > done it first." > > > ------------------ > http://all.net/ > > Your use of Yahoo! Groups is subject to > http://docs.yahoo.com/info/terms/ > > __________________________________________________ Do You Yahoo!? Got something to say? Say it better with Yahoo! Video Mail http://mail.yahoo.com ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST