[ISN] A Pared-Back Security Initiative

From: InfoSec News (isnat_private)
Date: Tue Jan 07 2003 - 01:29:23 PST

  • Next message: InfoSec News: "[ISN] REVIEW: "Building Linux Virtual Private Networks (VPNs)", Oleg Kolesnikov/Brian Hatch"

    Forwarded from: William Knowles <wkat_private>
    By Ted Bridis
    Associated Press
    Tuesday, January 7, 2003
    The Bush administration has reduced by nearly half its initiatives to
    tighten security for vital computer networks, giving more
    responsibility to the new Department of Homeland Security and
    eliminating an earlier proposal to consult regularly with privacy
    An internal draft of the administration's upcoming plan to improve
    cybersecurity also no longer includes a number of voluntary proposals
    for America's corporations to improve security, focusing instead on
    suggestions for U.S. government agencies, such as a broad new study
    assessing risks.
    "Governments can lead by example in cyberspace security," the draft
    The draft, circulating among government offices and industry
    executives this week, was obtained by the Associated Press. President
    Bush was expected to sign the plan, called the National Strategy to
    Secure Cyberspace, and announce the proposals within several weeks.
    The new draft pares the number of security proposals from 86 to 49.  
    Among the draft's changes was the removal of an explicit
    recommendation for the White House to consult regularly with privacy
    advocates and other experts about how civil liberties might be
    affected by proposals to improve Internet security.
    The draft notes that "care must be taken to respect privacy interests
    and other civil liberties." It also noted that the new Homeland
    Security Department will include a privacy officer to ensure that
    monitoring the Internet for attacks would balance privacy and civil
    liberties concerns.
    "It's perplexing," said James X. Dempsey of the Washington-based
    Center for Democracy and Technology. "This administration is
    constantly on the receiving end of criticism on privacy issues. This
    looks like another example of willfully raising privacy concerns. They
    should know better by now."
    An official for the White House cybersecurity office declined to
    comment, saying the latest draft hasn't yet been published.
    The draft obtained by the AP puts the new Homeland Security Department
    squarely in the role of improving Internet security, proposing to use
    it to launch some test attacks against civilian U.S. agencies and to
    improve the safety of automated systems that operate the nation's
    water, chemical and electrical networks.
    The new version also makes it more clear than ever that the Defense
    Department can wage "cyber warfare" if the nation is attacked. The
    administration said previously that government "should continue to
    reserve the right to respond in an appropriate manner."
    The new draft cautions that it can be difficult or even impossible to
    trace an attack's source. But it warns that the government's response
    "need not be limited to criminal prosecution." The new version also
    puts new responsibilities on the CIA and FBI to disrupt other
    countries' use of computer tactics to collect intelligence on
    government agencies, companies and universities.
    The administration published an early version of its plan in September
    -- weeks before Congress voted to create the Homeland Security
    Department -- with 86 recommendations for home users, small
    businesses, corporations, universities and government agencies.
    Critics, even the InfraGard national organization of private security
    experts established by the FBI, seized on the lack of new regulations
    that would have mandated better security practices but could have
    required America's largest corporations to spend millions for
    "We felt that there was a significant security improvement that could
    be made most easily through regulation," the InfraGard group wrote to
    the White House. "In many cases the deeply held conclusion was that
    the same result could not be reached in the absence of new
    The draft, however, continues to challenge the need for any new
    regulations, saying mandates for private industry would violate the
    nation's "traditions of federalism and limited government." It said
    broad regulations would hamstring security by creating a
    "lowest-common-denominator approach" and could result in even worse
    "Communications without intelligence is noise;  Intelligence 
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 05:00:46 PST