[ISN] Fighting Evil Hackers With Bucks

From: InfoSec News (isnat_private)
Date: Fri Oct 12 2001 - 04:47:32 PDT

  • Next message: InfoSec News: "[ISN] Web server attacks doubled over the last year"

    By Declan McCullagh and Ben Polen 
    2:00 a.m. Oct. 11, 2001 PDT  
    WASHINGTON -- Worried about the threat of terrorists-turned-hackers,
    members of a House panel spent Wednesday puzzling over how Congress
    could improve computer security.
    "What legislative and other steps are needed to increase the focus on
    computer security?" Rep. Sherwood Boehlert (R-New York), chairman of
    the House Science committee, asked at a "cybersecurity" hearing.
    Boehlert added: "We want to focus on real, concrete problems and
    develop specific solutions."
    In truth, there's not much that Congress can do: America's computer
    security is in the hands of geeks more inclined to read Slashdot than
    the Federal Register. Because security relies on technologies like
    firewalls and bug fixes, the government's role has been limited to
    indirect mechanisms like tax cuts and federal grants.
    Politicians may not know the difference between a byte and a nibble,
    but they are experts in spending money. And during the aftermath of
    the deadly Sept. 11 attacks, legislators seem willing to sign
    unusually fat checks.
    "No federal funding agency has assumed responsibility for supporting
    basic research in this area -- not DARPA, not the NSF, not the
    Department of Energy, not the NSA," complained William Wulf, a
    professor of engineering and applied science at the University of
    Virginia who testified at the hearing.
    Wulf was referring to the Defense Advanced Research Projects Agency,
    the National Science Foundation and the National Security Agency.
    Wulf said that it wasn't a temporary budget increase that was
    necessary -- but a permanent one. "Don't think it's an issue of a lot
    of money but some type of guarantee of long-term money," he said.
    While the Sept. 11 hijackers did use the Internet to book airplane
    tickets, according to police reports, there's no public evidence that
    they or accused mastermind Osama bin Laden ever planned on attacking
    websites. But even in the absence of evidence, politicians are doing
    anything they can to increase security in all aspects of American
    The National Science Foundation already has a scholarship program that
    pays for two years of computer science university education in
    exchange for two years of federal service after graduation.
    But Eugene Spafford, professor of computer science at Purdue
    University, said his school had unfilled slots for the program.
    Spafford said his students are more attracted to the corporate world
    where "they get paid higher salaries for doing the same work."
    Another idea, offered by Terry Benzel, a vice president at Network
    Associates, was for the feds to create a program for "more senior and
    experienced people to rotate in, who have an understanding of the
    contributions we can make."
    Benzel suggested that the newly created Office of Homeland Security
    should be responsible. "We need a new organization which can benefit
    from some of the best and brightest," he said. "Coordination is
    difficult and setting an agenda and road map will require significant
    investment. It would be a good task to assign to the Office of
    Homeland Security."
    Rep. Vernon Ehlers (R-Michigan) offered his own suggestion for
    improving America's computer security: Use a Mac. "I own a Macintosh.
    I got through Y2K -- I didn't even think about it. And I've never had
    any problems with viruses. Maybe there's a lesson to be learned."
    Separately on Wednesday, President Bush's new cyberspace security
    adviser announced plans for a secure network for government use.
    Richard Clarke said the network would be called GOVNET -- and would
    not be connected to the Internet because of the hacker-terrorist
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 06:33:45 PDT