[ISN] Computer Security Standards Ready

From: InfoSec News (isnat_private)
Date: Wed Sep 04 2002 - 22:42:22 PDT

    By Shannon Henry
    Washington Post Staff Writer
    Wednesday, July 17, 2002; Page E05

    In a high-tech, high-powered version of a neighborhood watch, a group
    of government agencies and private businesses plan to announce today a
    common set of standards and software to fight computer hacking.

    The Pentagon, the National Security Agency, the National Institute of
    Standards and Technology, and other agencies are joining forces with
    such corporations as Intel Corp., Allstate Insurance Co., First Union
    Corp., Visa and Pacific Gas & Electric Co. to agree on technical
    actions to stem computer fraud and theft.

    "It's support for the homeland security strategy," said Clint
    Kreitner, president and chief executive of the Center for Internet
    Security (CIS), the nonprofit group of agencies and companies that is
    coordinating the effort. "We forged a technical consensus."

    The announcement comes as there is increased concern over computer
    security since Sept. 11. Computer hacking, much of which has been
    caused by mischievous teenagers, has become more pervasive and
    destructive. The perceived threat of cyber-terrorism from countries or
    terrorist groups has raised the stakes. Richard Clarke, who was
    appointed the nation's cyber-security adviser late last year, has said
    he worries about a "digital Pearl Harbor," where the country's vital
    networks could be attacked.

    While some government agencies and corporations have installed
    rigorous security provisions, others lag behind, failing to use even
    commonly available patches. There has not even been a commonly
    agreed-upon set of fixes to install; the decision about how a computer
    system will be protected usually falls to the person in charge of
    installing the protection.

    Representatives of those agreeing to the standards had an initial
    meeting on April 18, said Kreitner, that was followed by a flurry of

    "The challenge here is to get the significant experts in this field to
    agree on the steps to achieve security," Kreitner said. He admits that
    it's not an easy task, which is why so few such agreements have been
    reached. "Everybody has their own opinion," he said.

    What the group came up with is a series of specific technical actions
    designed to heighten security, recommended to all organizations that
    use Microsoft Windows 2000, a common operating system, although not
    the newest one. A software "scoring" program has been created by CIS
    members that would then check to ensure those settings are in place.

    The software, which also checks to see if patches are up to date, will
    be available free to anyone who wants it, said Kreitner, although it's
    not currently aimed at individuals. All CIS members, which cover many
    industries, were invited to participate in the creation of the

    Several of the top technology executives in America, including
    Microsoft Corp.'s Bill Gates and Oracle Corp.'s Larry Ellison, this
    year have said they are also working to make their products tougher to
    break into.

    Shannon Kellogg, vice president of the Information Technology
    Association of America, a trade association, cautioned that the
    agreement would only be successful if it concentrates on
    performance-based standards, not on specific technologies that could
    stifle innovation. And, he added, it requires much more communication.