[ISN] Cybersecurity chief says he doesn't want to change crypto rules -- yet

From: InfoSec News (isnat_private)
Date: Sun Dec 02 2001 - 23:54:27 PST

    Forwarded from: Jay D. Dyson <jdysonat_private>
    Courtesy of Cryptography List.
    - ---------- Forwarded message ----------
    Date: Fri, 30 Nov 2001 10:47:23 -0500
    From: "R. A. Hettinga" <rahat_private>
    To: cryptographyat_private,
    Subject: Cybersecurity chief says he doesn't want to change crypto rules -- yet
    Daily Briefing
    November 26, 2001

    Cybersecurity chief pushes early-warning system
    By Bara Vaida, National Journal's Technology Daily

    The top priorities for the White House Office of Cyberspace Security
    include the creation of both an early-warning network for cyberattacks and
    an analysis center that would help the government target the most
    vulnerable points in the nation's critical infrastructure, the office's
    chief said last week in an interview with National Journal's Technology

    Richard Clarke, special adviser on cyberspace security to President Bush,
    said the early-warning network, called the Cyber Warning and Information
    Network (CWIN), would at first be a voice system that would link major
    computer-network operation centers and the information-sharing and
    assurance centers (ISACs) that represent critical infrastructure sectors,
    such as financial services, telecommunications and transportation.

    CWIN would be modeled after the existing National Operations and
    Intelligence Watch Offices Network, which connects senior officials at the
    Pentagon, the National Security Agency, the White House, the State
    Department and the CIA by phone within 15 seconds.

    "Let's say someone [in the private sector] sees 'Nimda' [a computer virus]
    spiking," Clarke said in describing how CWIN would work. "They can pick up
    the phone and get most of the people that need to know right away.

    "This is a case where the government doesn't know best or first," he
    added. "So you need a public-private partnership to reach out to these
    nodes in the private sector ... that see viruses first, that see the
    tsunamis of denial-of-service attacks first."

    Clarke also is working on building the National Infrastructure Simulation
    and Analysis Center authorized under section 1016 of the
    anti-terrorism law that Bush signed into law last month. The center was
    authorized to receive $20 million through the Defense Department and would
    create a simulated model of the Internet, the nation's telecom system and
    its physical infrastructure. The goal is to enhance understanding of how
    the systems interact and to mitigate vulnerabilities.

    "There really is no place today where there is a live model of the
    Internet, and we want to model the interactions and interdependencies
    between the Internet, the telephone networks, the electric power grid,"
    Clarke said. "The way I describe it is [that] we need an 'acupuncture map'
    of the U.S. You know, where are the pressure points?"

    Developing a model also may help Clarke to articulate his message that
    private-sector companies need to analyze their computer-security

    "The lesson I'm trying to get out to people ... is that we need to
    understand what the worst-case scenario is and then do prudent risk
    management so that you mitigate those possibilities," he said.

    In addition, Clarke said Bush supports legislation by Sen. Robert Bennett,
    R-Utah, that would exempt businesses from the Freedom of Information Act
    (FOIA) when they share computer-security information with the government.
    Clarke said he has talked to lawmakers on the issue.

    On encryption, Clarke said he has no plans to change current U.S. policy,
    though some people on the Hill wanted to reopen the issue after the Sept.
    11 terrorist attacks.

    ISN is currently hosted by Attrition.org

    This archive was generated by hypermail 2b30 : Mon Dec 03 2001 - 02:38:34 PST