Return-Path: <sentto-279987-5029-1027433431-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Tue, 23 Jul 2002 07:14:08 -0700 (PDT) Received: (qmail 955 invoked by uid 510); 23 Jul 2002 14:09:39 -0000 Received: from n29.grp.scd.yahoo.com (66.218.66.85) by all.net with SMTP; 23 Jul 2002 14:09:39 -0000 X-eGroups-Return: sentto-279987-5029-1027433431-fc=all.net@returns.groups.yahoo.com Received: from [66.218.67.196] by n29.grp.scd.yahoo.com with NNFMP; 23 Jul 2002 14:10:31 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_7_4); 23 Jul 2002 14:10:31 -0000 Received: (qmail 27331 invoked from network); 23 Jul 2002 14:10:30 -0000 Received: from unknown (66.218.66.218) by m3.grp.scd.yahoo.com with QMQP; 23 Jul 2002 14:10:30 -0000 Received: from unknown (HELO red.all.net) (12.232.72.152) by mta3.grp.scd.yahoo.com with SMTP; 23 Jul 2002 14:10:30 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g6NECNN27484 for iwar@onelist.com; Tue, 23 Jul 2002 07:12:23 -0700 Message-Id: <200207231412.g6NECNN27484@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 23 Jul 2002 07:12:23 -0700 (PDT) Subject: [iwar] [fc:GAO:.U.S..Cyber.Security.Efforts.are.Uncoordinated] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.0 required=5.0 tests=DIFFERENT_REPLY_TO version=2.20 X-Spam-Level: GAO: U.S. Cyber Security Efforts are Uncoordinated Congressional investigators uncover a rat's nest of 50 federal organizations overseeing the nation's cyber security, which still suffers. By Kevin Poulsen, Jul 22 2002 1:24PM If you've ever become overwhelmed tracking the alphabet soup of U.S. agencies handling cyber security, it turns out there's a reason. A congressional report released Monday identifies no less than 50 different federal organizations sharing responsibility for protecting critical infrastructures from cyber attack, and warns that they're in desperate need of a consistent strategy to glue them together. Investigators at the General Accounting Office, Congress' investigative arm, dug up five advisory committees, six White House organizations, 38 groups associated with departments or agencies, and three other entities, all working to keep America safe from "cyber terrorists" should they ever emerge. In addition to the groups that are household acronyms in the computer security world -- NIPC, PCIPB, FedCIRC, CIAO -- the GAO found some national cyber security responsibilities vested in organizations like the Federal Emergency Management Agency, the State Department's Bureau of Political-Military Affairs, and the Environmental Protection Agency, which takes the lead in protecting the U.S. water supply from cyber attack. The report, produced at the request of the Senate's governmental affairs committee, only counts organizations with national or interagency cyber security responsibilities - not those that are only responsible for securing their own systems. More Coordination Urged Despite the tangle of bureaucracy thrown at the problem, critical networks remain vulnerable to cyber attack, the GAO said. "Although agencies have taken steps to redesign and strengthen their information system security programs, our analyses of information security at major federal agencies have shown that federal systems were not being adequately protected from computer-based threats, even though these systems process, store, and transmit enormous amounts of sensitive data and are indispensable to many federal agency operations," reads the report. The GAO found that relationships among organizations performing similar critical infrastructure protection activities were ill-defined and inconsistent, and urged the White House to better define the key federal agencies' cyber security roles in its upcoming National Strategy to Secure Cyberspace, due for release in September. "Without a strategy that identifies responsibilities and relationships for all cyber CIP efforts, our nation risks not knowing whether we have the appropriate structure to deal with the growing threat of computer-based attacks on its critical infrastructure," the report concludes. In an response letter attached to the report, Richard Clarke, chair of the President's Critical Infrastructure Protection Board producing the national strategy, downplayed the importance of federal coordination. "The majority of computing power in the U.S. ... is not owned or operated by the federal government; it is owned an operated by private companies (large and small), universities, state and local governments and home users," writes Clarke. "This presents a unique strategic challenge." ------------------------ Yahoo! Groups Sponsor ---------------------~--> Will You Find True Love? Will You Meet the One? Free Love Reading by phone! http://us.click.yahoo.com/7dY7FD/R_ZEAA/Ey.GAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:31 PDT