[ISN] Cybersecurity called key to homeland defense

From: InfoSec News (isnat_private)
Date: Mon Oct 01 2001 - 03:22:12 PDT

  • Next message: InfoSec News: "[ISN] Three Minutes With Security Expert Bruce Schneier"

    http://www.fcw.com/fcw/articles/2001/1001/news-cyber-10-01-01.asp
    
    By Diane Frank 
    Oct. 1, 2001
    
    As the Office of Homeland Security takes shape, federal and
    private-sector technology experts are urging the Bush administration
    to ensure that cybersecurity is included.
    
    President Bush created the office last month in response to the Sept.
    11 terrorist attacks and named Pennsylvania Gov. Tom Ridge as its
    head. The Cabinet-level office will coordinate, not replace, the many
    federal, state and local agencies involved in protecting the nation
    against terrorist attacks, officials said.
    
    "The key here, when it comes to homeland defense, is to have one very
    effective person at the pinnacle of it who can help co.ordinate it,"
    White House spokesman Ari Fleischer said last month.
    
    The administration is still determining the office's exact structure,
    including staffing and funding, Fleischer said. Several bills are
    moving through Congress to better define the office.
    
    But while much of the reaction to the terrorist attacks has focused on
    physical security, such as airport and building security, information
    technology and cybersecurity also must be included, experts said.
    
    "It is likely that a separate strategy will be needed to ensure that
    critical computer systems are also protected," Joel Willemssen,
    managing director of IT issues at the General Accounting Office,
    testified at a hearing last month. "However, it will be essential to
    link the government's strategy for combating computer-based attacks to
    the national strategy for combating terrorism."
    
    White House officials have been reviewing the national plan for
    protecting the country's critical infrastructures, including the
    telecommunications sector, since January. Now, officials are
    discussing how that strategy will relate to the Office of Homeland
    Security, Willemssen said.
    
    The government's lead agency for responding to cyberattacks, the
    National Infrastructure Protection Center, is helping the
    investigation. The NIPC also offers vital support to the new office
    because it coordinates protection and response across different
    entities, NIPC Director Ronald Dick said.
    
    The coordination between physical and cyber protection is essential as
    agencies consider what could have happened if the "Nimda" worm, which
    spread rapidly to affect the Internet, had hit Sept. 11 instead of a
    week later, experts said.
    
    Intelligence and information sharing among agencies, as well as quick
    dissemination of information via the Internet, will be crucial to the
    office's success, said Mark DeMier, deputy director for operations at
    the Anser Institute for Homeland Security.
    
    "It's going to be essential [because] after the attacks, the Internet
    was the most reliable way to communicate," he said.
    
    Both high- and low-grade technology will play important roles in
    helping the new security office do its job, DeMier noted. Everything
    from facial recognition to air-purification masks should be used, he
    said.
    
    The Homeland Security Office's effectiveness will depend on Congress'
    willingness to give agencies adequate resources for any new
    responsibilities to support the office, said Michael Vatis, director
    of the Dartmouth College Institute of Security Technology Studies and
    former NIPC director. One reason why critical information systems lack
    adequate security is that many agencies are required to secure the
    systems without being given the funds to do so, he said.
    
    Dan Caterinicchia contributed to this article.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Oct 01 2001 - 14:25:09 PDT