http://www.washingtonpost.com/ac2/wp-dyn?pagename=article&node=&contentId=A15910-2002Jul16¬Found=true By Shannon Henry Washington Post Staff Writer Wednesday, July 17, 2002; Page E05 In a high-tech, high-powered version of a neighborhood watch, a group of government agencies and private businesses plan to announce today a common set of standards and software to fight computer hacking. The Pentagon, the National Security Agency, the National Institute of Standards and Technology, and other agencies are joining forces with such corporations as Intel Corp., Allstate Insurance Co., First Union Corp., Visa and Pacific Gas & Electric Co. to agree on technical actions to stem computer fraud and theft. "It's support for the homeland security strategy," said Clint Kreitner, president and chief executive of the Center for Internet Security (CIS), the nonprofit group of agencies and companies that is coordinating the effort. "We forged a technical consensus." The announcement comes as there is increased concern over computer security since Sept. 11. Computer hacking, much of which has been caused by mischievous teenagers, has become more pervasive and destructive. The perceived threat of cyber-terrorism from countries or terrorist groups has raised the stakes. Richard Clarke, who was appointed the nation's cyber-security adviser late last year, has said he worries about a "digital Pearl Harbor," where the country's vital networks could be attacked. While some government agencies and corporations have installed rigorous security provisions, others lag behind, failing to use even commonly available patches. There has not even been a commonly agreed-upon set of fixes to install; the decision about how a computer system will be protected usually falls to the person in charge of installing the protection. Representatives of those agreeing to the standards had an initial meeting on April 18, said Kreitner, that was followed by a flurry of e-mails. "The challenge here is to get the significant experts in this field to agree on the steps to achieve security," Kreitner said. He admits that it's not an easy task, which is why so few such agreements have been reached. "Everybody has their own opinion," he said. What the group came up with is a series of specific technical actions designed to heighten security, recommended to all organizations that use Microsoft Windows 2000, a common operating system, although not the newest one. A software "scoring" program has been created by CIS members that would then check to ensure those settings are in place. The software, which also checks to see if patches are up to date, will be available free to anyone who wants it, said Kreitner, although it's not currently aimed at individuals. All CIS members, which cover many industries, were invited to participate in the creation of the standards. Several of the top technology executives in America, including Microsoft Corp.'s Bill Gates and Oracle Corp.'s Larry Ellison, this year have said they are also working to make their products tougher to break into. Shannon Kellogg, vice president of the Information Technology Association of America, a trade association, cautioned that the agreement would only be successful if it concentrates on performance-based standards, not on specific technologies that could stifle innovation. And, he added, it requires much more communication. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Sep 05 2002 - 01:04:11 PDT