Forwarded from: Jay D. Dyson <jdysonat_private> -----BEGIN PGP SIGNED MESSAGE----- Courtesy of Cryptography List. - ---------- Forwarded message ---------- Date: Fri, 30 Nov 2001 10:47:23 -0500 From: "R. A. Hettinga" <rahat_private> To: cryptographyat_private, Subject: Cybersecurity chief says he doesn't want to change crypto rules -- yet http://www.govexec.com/news/index.cfm?mode=report&articleid=21712&printerfriendlyVers=1& Daily Briefing November 26, 2001 Cybersecurity chief pushes early-warning system By Bara Vaida, National Journal's Technology Daily The top priorities for the White House Office of Cyberspace Security include the creation of both an early-warning network for cyberattacks and an analysis center that would help the government target the most vulnerable points in the nation's critical infrastructure, the office's chief said last week in an interview with National Journal's Technology Daily. Richard Clarke, special adviser on cyberspace security to President Bush, said the early-warning network, called the Cyber Warning and Information Network (CWIN), would at first be a voice system that would link major computer-network operation centers and the information-sharing and assurance centers (ISACs) that represent critical infrastructure sectors, such as financial services, telecommunications and transportation. CWIN would be modeled after the existing National Operations and Intelligence Watch Offices Network, which connects senior officials at the Pentagon, the National Security Agency, the White House, the State Department and the CIA by phone within 15 seconds. "Let's say someone [in the private sector] sees 'Nimda' [a computer virus] spiking," Clarke said in describing how CWIN would work. "They can pick up the phone and get most of the people that need to know right away. "This is a case where the government doesn't know best or first," he added. "So you need a public-private partnership to reach out to these nodes in the private sector ...that see viruses first, that see the tsunamis of denial-of-service attacks first." Clarke also is working on building the National Infrastructure Simulation and Analysis Center authorized under the section 1016 of the anti-terrorism law that Bush signed into law last month. The center was authorized to receive $20 million through the Defense Department and would create a simulated model of the Internet, the nation's telecom system and its physical infrastructure. The goal is to enhance understanding of how the systems interact and to mitigate vulnerabilities. "There really is no place today where there is a live model of the Internet, and we want to model the interactions and interdependencies between the Internet, the telephone networks, the electric power grid," Clarke said. "The way I describe it is [that] we need an 'acupuncture map' of the U.S. You know, where are the pressure points?" Developing a model also may help Clarke to articulate his message that private-sector companies need to analyze their computer-security vulnerabilities. "The lesson I'm trying to get out to people ... is that we need to understand what the worst-case scenario is and then do prudent risk management so that you mitigate those possibilities," he said. In addition, Clarke said Bush supports legislation by Sen. Robert Bennett, R-Utah, that would exempt businesses from the Freedom of Information Act (FOIA) when they share computer-security information with the government. Clarke said he has talked to lawmakers on the issue. On encryption, Clarke said he has no plans to change current U.S. policy, though some people on the Hill wanted to reopen the issue after the Sept. 11 terrorist attacks. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBPAgSCrlDRyqRQ2a9AQGYNwP+Ih/P2Kazq4gbuM6Xz56kj7+7P5n2O8iX NV4hOJJ4H/IZIOzsqWkmejfWRNJpzQYL5XsmfcOHFFdhH3csW7IxzehQXdSGf/69 mdAc+MVqYBptOV4E8T/y0b6nthHbRmDU8pRckP8DivtQLIne0clv063ApokVhpMm N3jKHaXvsEs= =pHi5 -----END PGP SIGNATURE----- - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Dec 03 2001 - 02:38:34 PST