Forwarded from: "eric wolbrom, CISSP" <ericat_private> http://www.usatoday.com/tech/news/computersecurity/2002-09-09-cybersecurity_x.htm 09/09/2002 WASHINGTON (AP) -- The Bush administration is considering creation of a fund that would combine tax dollars and money from the technology industry to pay for Internet security enhancements, according to internal documents from the government's effort to develop a national cyberprotection plan. Federal officials writing the plan, set to be disclosed this month, also are discussing sweeping new obligations on companies, universities, federal agencies and home users designed to enhance security of the Internet, according to more than 30 pages of working papers obtained by The Associated Press. The goal is to "empower all Americans to secure their portions of cyberspace," according to one document identified as an executive summary for the National Strategy to Secure Cyberspace. Other ideas under consideration include: * Improving security of wireless technologies, and prohibiting their use in some cases by federal workers. * Spending more to protect computer systems that help operate major utilities like water and power. * Studying ways to respond to cyberattacks when the source of the attacks cannot be distinguished immediately between a hostile government or teenage hacker. * Creating an industry testing center that would make sure software updates don't cause security problems. * Studying the creation of a new government network to handle communications and computing in case of Internet outages. A White House official cautioned Friday the ideas cited in the working papers are subject to change until President Bush approves them. Even then, recommendations would have to go through traditional policy and budget processes, which could include congressional approval, the official said. The administration circulated some draft language last week for review among federal agencies with instructions not to distribute it outside government, said one person familiar with the effort, speaking on condition of anonymity. An updated proposal is expected from the White House next week, with the plan's final release set for Sept. 18 at a news conference at Stanford University attended by FBI Director Robert Mueller and top administration officials. The plan is expected to include more than 80 recommendations and is being assembled by a U.S. advisory board headed by Richard Clarke, a top counterterrorism official in the Bush and Clinton administrations, and Howard Schmidt, a former senior executive at Microsoft. The group's working papers describe creation of a technology fund "to address those discreet technology areas that fall outside the purview of both industry and government and yet are critical to the future secure functioning of the Internet." The documents reviewed by the AP do not indicate whether the money would come from new taxes, grants or existing revenues, but they note that the fund could be "jointly financed by government and industry." One example cited in the internal documents that could be paid by the fund is development of highly secure versions of computer operating system software. The most popular operating systems are from Microsoft, Apple Computer and developers of the Linux software. Some proposals in the working documents already have been struck from the final plan, the White House official said. One would urge Internet providers to offer customers security software that would protect them from hackers. Clarke has previously endorsed that proposal in public appearances. In an unorthodox move drawing early praise among experts, the White House is placing some responsibility on home users for helping to secure the Internet, along with the nation's largest corporations and universities. Hackers increasingly have seized control of powerful, inexpensive home computers and high-speed residential Internet connections to attack others online or to hide illegal activities. To help home users, the administration is considering a national advertising campaign aimed at schools and other audiences on the importance of safe computing, according to the documents. The plan's working papers also recommend encouraging Internet providers to adopt a code of good conduct governing cooperation; and encouraging government to collect better information about cyberattacks and study whether harsher penalties for hacking are needed. _______________________________________________________________________ eric wolbrom, CISSP Safe Harbor Technologies President & CIO 190 Goldens Bridge Ct. Voice 914.767.9090 ext. 6000 Katonah, NY 10536 Fax 914.767.3911 http://www.shtech.net _______________________________________________________________________ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Sep 11 2002 - 04:38:28 PDT