[ISN] U.S. Cyber-Security Efforts Faulted

From: InfoSec News (isnat_private)
Date: Tue Jul 23 2002 - 00:02:57 PDT

  • Next message: InfoSec News: "[ISN] Feds endorse guide for Windows security"

    Forwarded from: William Knowles <wkat_private>
    By Ted Bridis
    Associated Press Writer
    Monday, July 22, 2002; 10:38 PM 
    WASHINGTON -- Years after orders from the White House to beef up the
    security of the nation's most important computer systems, the
    government is having trouble identifying which organizations should be
    involved and how they should be coordinated, according to a new
    President Bush's recent proposal to create a Cabinet-level Department
    of Homeland Security said at least 12 organizations oversee protection
    of important infrastructure. But the General Accounting Office, the
    investigating arm of Congress, said it identified at least 50
    organizations already involved in such efforts, usually focused on
    protecting vital computer networks.
    The GAO said those groups include five advisory committees, six
    organizations under the White House, 38 groups under executive
    agencies and three others. Within the Defense Department alone, the
    GAO found seven organizations.
    Those numbers might go up. Richard Clarke, the chairman of Bush's
    cyber-security protection board, said the Sept. 11 terror attacks and
    their aftermath have caused the administration to consider broadening
    definitions of critical infrastructure to include national monuments
    and chemical industries.
    "We have learned from the tragedy on Sept. 11 that our enemies will
    increasingly strike where they believe we are vulnerable," said Sen.  
    Joseph Lieberman, D-Conn., who asked for the GAO report as chairman of
    the Governmental Affairs Committee. "As this report shows, our
    cyberspace infrastructure is ripe for attack today."
    Clarke also noted that most of the networks needing protection are
    owned by private companies, universities, state and local governments
    and even home computer users. "This presents a unique strategic
    challenge," Clarke said in a letter to the GAO.
    The government previously defined critical infrastructures to include
    banks, hospitals, water and food supplies, communications networks,
    energy and transportation systems and the postal system.
    The GAO report warned that the problem can't be solved at least until
    it's defined well. "The opportunity for ensuring that all relevant
    organizations are addressed exists in the development of the new
    national strategy," it said.
    Even organizations already involved are slowly discovering the scope
    of the problems from an increasingly interconnected world. An early
    warning network for the nation's food manufacturers recently decided
    it needed to coordinate with the Interior Department because that
    agency controls many of the country's water supplies and hydroelectric
    dams for electricity.
    The GAO also noted that it was nearly impossible to know how much the
    U.S. government was spending on the protection of its infrastructure,
    because the organizations involved don't receive money for specific
    projects and don't track such spending.
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Jul 23 2002 - 02:44:58 PDT