[ISN] YAGP (Yet Another Government Panel)

From: security curmudgeon (jerichoat_private)
Date: Wed Jul 18 2001 - 15:34:46 PDT

  • Next message: Jay D. Dyson: "[ISN] Criminal conduct and "cryptography." (Adobe vs. Sklyarov)"

    July 18, 2001
    U.S. Panel Is Planned on Protecting
    Nation's Most Important Computers
    Staff Reporter of THE WALL STREET JOURNAL
    WASHINGTON -- The Bush administration is moving to set up a government
    cyber-security panel to determine how best to protect the nation's most
    important computers and keep the federal government functioning in case of
    serious cyber-attack. 
    The effort is outlined in the final draft of an executive order, called
    "Infrastructure Protection in the Information Age," which is circulating
    among senior administration officials. President Bush is expected to sign
    and issue the order within two weeks, and the panel would begin operations
    Oct. 1. 
    To be composed of 23 officials representing a broad range of federal
    departments and agencies, the panel would be a focal point for policy
    decisions on computer-network security and act to ensure that outages from
    attacks are "rare, brief, limited geographically, manageable and minimally
    detrimental to the economy, human and government services and national
    security," the draft order says. 
    The document doesn't spell out who will run the board as a senior adviser
    reporting to Mr. Bush, but the presumptive chairman is Richard Clarke, the
    U.S. national coordinator for counterterrorism, organized crime and
    computer security. The order specifies that each department and several
    agencies appoint a "senior official" to the committee, but it remains
    unclear whether board members will have sufficient clout to reverse years
    of generally poor computer security in government. 
    The board could have an indirect impact on private industry. It will work
    with industry groups on how to protect "critical'' private-sector computer
    networks, such as those controlling banking, telecommunications and
    electric power. It also is expected to consult with Congress on
    computer-security legislation. And by helping to set standards for
    government equipment, the board could influence the broader market. 
    It will work with companies through advisory panels and two industry
    groups, the National Information Assurance Council and the National
    Security Telecommunications Advisory Committee. 
    But some computer-security experts question whether a committee approach
    can be effective. "All of these people have a point of view," said Fred
    Rica, a partner at PricewaterhouseCoopers who participates on a White
    House advisory committee. "Ultimately you need someone accountable." 
    The result of months of review by the National Security Council, Mr.
    Bush's order wouldn't make the board itself responsible for computer
    break-ins at U.S. agencies; the heads of departments would continue to be
    accountable for lax security. 
    The new order switches oversight for national security networks from the
    Pentagon to the civilian board. Under the order, the Defense Department
    would help lead studies on protecting sensitive U.S. networks and deciding
    how to respond to attacks. Senior officials earlier had hoped to scrap
    some of the government's patchwork of committees, boards and councils
    responsible for warning about cyber-attacks. The new order doesn't disband
    any existing organization. 
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 02:39:24 PDT