[ISN] Cyber-security czar snubs ID plan, defends Govnet

From: InfoSec News (isnat_private)
Date: Thu Nov 08 2001 - 04:11:42 PST


    Reuters, 11.08.01, 3:20 AM ET 
    By Elinor Mills Abreu
    PALO ALTO, Calif. (Reuters) - As technology companies promote the idea
    of a national identification card, the president's special adviser on
    cyber-security said Wednesday the idea has little support within the
    Bush administration.
    Richard Clarke said he couldn't name one official who supports the
    idea as proposed, although conceding that the administration doesn't
    yet have a formal position on the concept.
    "Everyone I've talked to doesn't think it's a good idea," Clarke said
    during a dinner speech hosted by Microsoft Corp. as part of its
    three-day Trusted Computing conference.
    The idea, raised in the wake of the Sept. 11 attacks, has drawn
    criticism from civil libertarians who say it would violate individual
    Despite those concerns, Larry Ellison of Oracle Corp. was the first to
    push ID cards, suggesting his company's database software should be
    used. Sun Microsystems Inc.'s Scott McNealy was next, and earlier
    Wednesday Siebel Systems Inc. announced "Homeland Security" software.
    Clarke said it is not clear that the country needs to have a mandatory
    identity card, but suggested there might be a use for credit
    card-sized smart cards that contain data and microchips. Such cards
    could be used for specific actions such as boarding airplanes and
    crossing U.S. borders, he said.
    "Not one national ID card that we force everybody to have," but
    multiple, voluntary cards that could improve the efficiency of
    activities, Clarke added.
    Clarke also defended the idea he proposed in mid-October for the
    government to consider creating a computer network, dubbed "Govnet,"
    that is separate from the Internet and which would, as a result, be
    less vulnerable to malicious attacks.
    He described it as a set of departmental and agency "intranets," which
    use Internet technologies, that would run on leased fiber optic cable
    instead of passing through routers and switches connected to the
    "It would be impervious to even the most dangerous denial-of-service
    attack," he said. Denial-of-service attacks are designed to
    temporarily shut down Web servers or other equipment by bombarding
    them with so much junk traffic that they can't handle the load.
    Government employees would still use the Internet, but also have
    computers linked to Govnet on their desks for internal communications
    and critical operations, Clarke said. This might be particularly
    useful for work such as manned space flight and air traffic control,
    he added.
    In response to criticisms that a separate network would not be immune
    from viruses, he said it would at least get viruses "hours or days"
    after they hit computers on the Internet.
    Critics also have noted that Govnet couldn't prevent so-called
    "insider threats," employees who intentionally or inadvertently create
    security breaches, which make up about 40 percent of network
    break-ins, Clarke said.
    To minimize that risk the government could closely monitor employees
    and require them to use technologies to prove their identity and
    permission to access the system, he said.
    "If it turns out to be vastly expensive then we won't do it," Clarke
    said. "It's not designed to be a silver bullet" that will solve all
    the government's cyber-security problems, he added.
    Legislation to boost the powers of law enforcement in combating
    terrorism and the money being spent to provide more security for
    buildings and digital assets are the cost of doing business going
    forward, Clarke concluded.
    "We're paying more for security than we were six weeks ago," he said.
    "We now understand it is a cost of doing business."
    The economic costs so far have been trivial, "a few billion dollars,"
    which is minor compared to what the cost could be without the security
    measures, Clarke noted.
    In addition to money spent, Americans are having to give up some of
    their freedoms to privacy.
    The USA Patriot Act signed into law two weeks ago gives authorities
    broader rights to tap phones and track Internet, e-mail and cell phone
    usage, among other things. Under a "sunset provision," certain
    provisions will expire in five years.
    "If the administration abuses the law in any way," Clarke said, "then
    the law can be re-enacted. We haven't given up civil liberties and
    The new law will allow the government to find perpetrators more
    quickly than they have in the past, he said.
    In 1998 after the U.S. Air Force computer system was attacked right
    before the Gulf War, it took officials four days to get nine search
    warrants to investigate the case, he said.