[ISN] Lawmaker Sounds Computer Security Warning Note

From: InfoSec News (isnat_private)
Date: Thu Sep 27 2001 - 02:02:19 PDT

  • Next message: InfoSec News: "[ISN] Security UPDATE, September 26, 2001"

    By Robert MacMillan, Newsbytes
    26 Sep 2001, 5:02 PM CST
    The recent terrorist attacks on the World Trade Center and the
    Pentagon presage the potential of severe cyber-sorties on the nation's
    and government's critical IT infrastructures, and now is not the time
    for Congress to delay in doing their part to fabricate a strong online
    defense, an influential House subcommittee chairman today said.
    Rep. Stephen Horn, R-Calif., chairman of the House Government Reform
    Subcommittee on Government Efficiency, Financial Management and
    Information Technology, said in a hearing on IT security that the
    defenders of the critical IT infrastructure must learn from the Sept.
    11 terrorist attacks. They must realize, he said, that the
    "government's critical computer systems are as vulnerable to attack as
    airport security."
    Horn also said that the General Accounting Office (GAO) in 1997 added
    government computer security to its high-risk list, but "it is now
    2001, and the government has made little progress in addressing
    computer security issues."
    GAO Information Technology Issues Managing Director Joel Willemssen
    told the subcommittee that the federal government's IT infrastructure
    continues to be poorly protected, due in large part to slow movement
    to adopt better practices, and the difficulty of inter-agency
    This is especially dangerous, he added, in light of recent
    headline-grabbing viruses and worms, including ILOVEYOU, Melissa,
    CodeRed and other crippling malware that has run repair and
    replacement costs into the billions of dollars.
    Willemssen also noted a larger number of computer security breaches
    reported to Carnegie Mellon University's Computer Emergency Response
    Team (CERT), from 9,859 in 1999 to 21,756 in 2000, especially with the
    rapidly increasing amount of hacking tools made available online.
    The Sept. 11 terrorist attacks notwithstanding, Horn also said recent
    computer worm and virus issues highlight the ongoing need to protect
    critical computer systems.
    "Following the terrorist attacks on New York and Washington, the
    'Nimda' worm attacked computer systems around the world," Horn said.
    "On Monday, a new worm was unleashed on computer systems. This worm is
    capable of wiping out a computer's basic system files. These attacks
    are increasing in intensity, sophistication and potential damage."
    Horn long has been an advocate of increased cyber-security for
    government computer systems. Last September he released a "report
    card" for federal government cyber-security, giving the government an
    "appalling average grade of D-minus."
    The Clinton administration's National Security Council cyber-security
    point man, Richard Clarke, agreed with Horn that computer security
    needed drastic improvement.
    In testimony before the subcommittee today, Information Technology
    Association of America (ITAA) President Harris Miller said that future
    attacks could be aimed completely at the Internet.
    "Many people are unsure what homeland defense means and unclear on how
    they can participate," Miller said. "I would like to suggest an
    immediate action: safeguard U.S. computer assets by adopting much more
    widely sound information security practices."
    Several private groups, including Gartner Inc., have urged the Bush
    administration to appoint a federal chief information officer to field
    a range of IT issues, including privacy, electronic government,
    Internet voting and cyber-security.
    Rep. Jim Turner, D-Texas, has sponsored legislation to create a
    federal CIO position, as have Sens. Joseph Lieberman, D-Conn., and
    Conrad Burns, R-Mont. White House Office of Management and Budget
    Deputy Director Sean O'Keefe in July told a Senate hearing, however,
    that a federal CIO would create a new and unnecessary government
    The Bush administration supports using the OMB deputy director of
    management as a cyber-security chief.
    Meanwhile, Congress is ready to reconcile House and Senate spending
    bills that provide millions for online crime-fighting. The Senate
    Commerce-Justice-State Appropriations bill contains about $100 million
    for the FBI to battle Internet crime, as well as $6.8 million for the
    FBI to better intercept data.
    The Senate also recommends another $7 million to help the FBI break
    encrypted data, and $7.2 million for the Office of Justice Programs to
    develop four regional labs for analyzing the hard drives of seized
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 06:43:21 PDT