http://www.newsbytes.com/news/01/170534.html By Robert MacMillan, Newsbytes WASHINGTON, D.C., U.S.A., 26 Sep 2001, 5:02 PM CST The recent terrorist attacks on the World Trade Center and the Pentagon presage the potential of severe cyber-sorties on the nation's and government's critical IT infrastructures, and now is not the time for Congress to delay in doing their part to fabricate a strong online defense, an influential House subcommittee chairman today said. Rep. Stephen Horn, R-Calif., chairman of the House Government Reform Subcommittee on Government Efficiency, Financial Management and Information Technology, said in a hearing on IT security that the defenders of the critical IT infrastructure must learn from the Sept. 11 terrorist attacks. They must realize, he said, that the "government's critical computer systems are as vulnerable to attack as airport security." Horn also said that the General Accounting Office (GAO) in 1997 added government computer security to its high-risk list, but "it is now 2001, and the government has made little progress in addressing computer security issues." GAO Information Technology Issues Managing Director Joel Willemssen told the subcommittee that the federal government's IT infrastructure continues to be poorly protected, due in large part to slow movement to adopt better practices, and the difficulty of inter-agency coordination. This is especially dangerous, he added, in light of recent headline-grabbing viruses and worms, including ILOVEYOU, Melissa, CodeRed and other crippling malware that has run repair and replacement costs into the billions of dollars. Willemssen also noted a larger number of computer security breaches reported to Carnegie Mellon University's Computer Emergency Response Team (CERT), from 9,859 in 1999 to 21,756 in 2000, especially with the rapidly increasing amount of hacking tools made available online. The Sept. 11 terrorist attacks notwithstanding, Horn also said recent computer worm and virus issues highlight the ongoing need to protect critical computer systems. "Following the terrorist attacks on New York and Washington, the 'Nimda' worm attacked computer systems around the world," Horn said. "On Monday, a new worm was unleashed on computer systems. This worm is capable of wiping out a computer's basic system files. These attacks are increasing in intensity, sophistication and potential damage." Horn long has been an advocate of increased cyber-security for government computer systems. Last September he released a "report card" for federal government cyber-security, giving the government an "appalling average grade of D-minus." The Clinton administration's National Security Council cyber-security point man, Richard Clarke, agreed with Horn that computer security needed drastic improvement. In testimony before the subcommittee today, Information Technology Association of America (ITAA) President Harris Miller said that future attacks could be aimed completely at the Internet. "Many people are unsure what homeland defense means and unclear on how they can participate," Miller said. "I would like to suggest an immediate action: safeguard U.S. computer assets by adopting much more widely sound information security practices." Several private groups, including Gartner Inc., have urged the Bush administration to appoint a federal chief information officer to field a range of IT issues, including privacy, electronic government, Internet voting and cyber-security. Rep. Jim Turner, D-Texas, has sponsored legislation to create a federal CIO position, as have Sens. Joseph Lieberman, D-Conn., and Conrad Burns, R-Mont. White House Office of Management and Budget Deputy Director Sean O'Keefe in July told a Senate hearing, however, that a federal CIO would create a new and unnecessary government bureaucracy. The Bush administration supports using the OMB deputy director of management as a cyber-security chief. Meanwhile, Congress is ready to reconcile House and Senate spending bills that provide millions for online crime-fighting. The Senate Commerce-Justice-State Appropriations bill contains about $100 million for the FBI to battle Internet crime, as well as $6.8 million for the FBI to better intercept data. The Senate also recommends another $7 million to help the FBI break encrypted data, and $7.2 million for the Office of Justice Programs to develop four regional labs for analyzing the hard drives of seized computers. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 06:43:21 PDT