Forwarded from: William Knowles <wkat_private> http://www.washingtonpost.com/wp-dyn/articles/A47335-2002Jul22.html By Ted Bridis Associated Press Writer Monday, July 22, 2002; 10:38 PM WASHINGTON -- Years after orders from the White House to beef up the security of the nation's most important computer systems, the government is having trouble identifying which organizations should be involved and how they should be coordinated, according to a new report. President Bush's recent proposal to create a Cabinet-level Department of Homeland Security said at least 12 organizations oversee protection of important infrastructure. But the General Accounting Office, the investigating arm of Congress, said it identified at least 50 organizations already involved in such efforts, usually focused on protecting vital computer networks. The GAO said those groups include five advisory committees, six organizations under the White House, 38 groups under executive agencies and three others. Within the Defense Department alone, the GAO found seven organizations. Those numbers might go up. Richard Clarke, the chairman of Bush's cyber-security protection board, said the Sept. 11 terror attacks and their aftermath have caused the administration to consider broadening definitions of critical infrastructure to include national monuments and chemical industries. "We have learned from the tragedy on Sept. 11 that our enemies will increasingly strike where they believe we are vulnerable," said Sen. Joseph Lieberman, D-Conn., who asked for the GAO report as chairman of the Governmental Affairs Committee. "As this report shows, our cyberspace infrastructure is ripe for attack today." Clarke also noted that most of the networks needing protection are owned by private companies, universities, state and local governments and even home computer users. "This presents a unique strategic challenge," Clarke said in a letter to the GAO. The government previously defined critical infrastructures to include banks, hospitals, water and food supplies, communications networks, energy and transportation systems and the postal system. The GAO report warned that the problem can't be solved at least until it's defined well. "The opportunity for ensuring that all relevant organizations are addressed exists in the development of the new national strategy," it said. Even organizations already involved are slowly discovering the scope of the problems from an increasingly interconnected world. An early warning network for the nation's food manufacturers recently decided it needed to coordinate with the Interior Department because that agency controls many of the country's water supplies and hydroelectric dams for electricity. The GAO also noted that it was nearly impossible to know how much the U.S. government was spending on the protection of its infrastructure, because the organizations involved don't receive money for specific projects and don't track such spending. *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Jul 23 2002 - 02:44:58 PDT