[ISN] Cyberwar Foundering on Feuds?

From: InfoSec News (isnat_private)
Date: Wed Oct 10 2001 - 00:36:48 PDT

    By Michelle Delio 
    2:00 a.m. Oct. 9, 2001 PDT 
    Some government agency workers charged with protecting critical
    computer systems are increasingly becoming entangled in
    counterproductive, time-wasting power plays, according to sources
    inside and outside of the agencies.
    Political power plays aren't news, but the struggle between the
    FBI-led National Infrastructure Protection Center (NIPC) and the newly
    formed Homeland Security Office has many doubting that either agency
    will be able to perform at peak levels over the next few months.
    The NIPC, established in February 1998, was assigned to protect U.S.
    critical systems against terrorism and other attacks, duties that have
    now also been assigned to the Homeland Security Office (HSO), formed
    in response to the Sept. 11 terrorist attacks.
    Over the years the NIPC has increasingly focused on computer security,
    but the HSO also has a new cyber-security division.
    "Homeland Defense wants the NIPC to report to them, but the NIPC
    believes they should be the cyber-security office," said Rob
    Rosenberger of security news site Vmyths.
    "Fights have started to break out over the lines and boxes on Homeland
    Security's organization chart. The Bush administration will waste a
    lot of time and effort over the next few months while offices jockey
    for position."
    Sources inside the agencies confirmed there has been some confusion
    and tension over who will report to whom but insist that the majority
    of employees in both agencies remain focused.
    "This isn't the time to play political slap and tickle with each
    other. We need to get focused fast," said an FBI agent who requested
    But security experts are divided over whether the agencies can put
    power plays aside.
    President Bush installed former Pennsylvania Gov. Tom Ridge as head of
    the Office of Homeland Security on Monday, pledging, "America is going
    to be prepared."
    Richard Clarke, who has served as counterterrorism chief at the White
    House for more than a decade, will head the new Office of Cyberspace
    Security and will report to Ridge. But according to the presidential
    order that outlines his job, Ridge has little power, beyond
    persuasion, to compel other agencies or officials to do anything.
    "I'm just not impressed with the overall United States government
    infrastructure assurance effort," said Richard Forno, chief technology
    officer for Shadowlogic.
    Forno has acted as an adviser to the Department of Defense on
    information warfare. "Clarke actually has a clue about this stuff, but
    given the environment he's charged with working in, he can't be
    Ridge's office declined to comment on how or if Ridge will be able to
    coordinate efforts between his staff and agencies that have
    historically avoided working together.
    "Yes, there are issues. Yes, Ridge can request but not compel. That
    will be taken advantage of by some. Understand though, times are very
    different now. Most people are putting all that previous pettiness
    aside, at least for a while. Ridge is well respected here," said the
    FBI agent previously quoted.
    Others said that it would be difficult for the agencies to work
    together, but felt that the situation would be swiftly sorted out.
    "Will there be clashes between the agencies? Yes. Is that OK? Well,
    it's normal," said security expert Fred Villella. "Like
    cyber-terrorism itself, this situation isn't out of control; but it
    isn't under control either."
    Villella was the executive secretary to the president's national
    security adviser for emergency mobilization under the Reagan
    administration. He now heads up New Dimensions International, a
    security services company that recently introduced training against
    cyber-terrorism attacks.
    "There will be big turf issues to be resolved with FEMA (Federal
    Emergency Management Agency), NIPC and all of the other 'letter'
    agencies," said Villella. "That is inevitable. And for many,
    (computer) skills and getting a grip on the dimensions of cyberspace
    and their adversaries' capabilities are needed competencies that have
    yet to be acquired."
    "But we do need a focus to direct attention to cyber-security. Richard
    Clarke and Tom Ridge's combined talents and drive in the right
    direction will improve the approach," Villella said. "(It's) a very
    tough task.... They will have to screen who they are influenced by.
    There are those selling products like me, and there are a lot of
    hacker types who focus on cryptography solutions. Which of these
    approaches are right for the cyber-terror task? Or is there more than
    one solution?"
    Security experts said that basic measures, such as disconnecting
    entire critical infrastructures from the Internet and ensuring that
    all software meets stringent security guidelines, would go a long way
    toward hardening U.S. cyber-defense.
    Experts also pointed out that the government will most likely continue
    to be led in its efforts to lock down computer systems by the
    private computer security industry.
    "The computer security industry guides the government, not the other
    way around," Rosenberger said. "Face it: if a 'virus war' broke out,
    our vaunted U.S. military would run like a helpless damsel to the
    anti-viral industry."
    Hackers or no hackers, Rosenberger and Forno don't hold out much hope
    for governmental security experts.
    "We'll see more meetings, taskforces, memos, reports etcetera," Forno
    said. "Will it make a difference? It depends on how OHS is structured
    and what authority Tom Ridge is given to force people in the
    government to play ball. If, as it appears now, he is only to
    coordinate things, it will never be effective."
    "If the government does anything at all, it creates a bureaucracy,"
    Rosenberger said. "Don't get me wrong, we need bureaucracies. And I
    honestly believe the Feds will someday figure out what their
    bureaucracy should do."
    Rosenberger thinks that the NIPC will eventually come out on top of
    the power heap.
    "I'd bet on the gun-toting agents to win this one, especially if
    Congress does enact a law to sentence virus writers to life in prison
    without possibility of parole."
    A new bill called Patriot (Provide Appropriate Tools Required to
    Intercept and Obstruct Terrorism) -- which legally classifies many
    hack attacks as acts of terrorism -- is making its way through the
    House and Senate this week.
    ISN is currently hosted by Attrition.org

    This archive was generated by hypermail 2b30 : Wed Oct 10 2001 - 06:33:03 PDT