[ISN] Report shows holes in cybersecurity plan

From: InfoSec News (isn@private)
Date: Tue Jun 22 2004 - 03:58:22 PDT

  • Next message: InfoSec News: "[ISN] City firms still failing to guard WLans"

    http://www.govexec.com/dailyfed/0604/062104tdpm1.htm
    
    By William New
    National Journal's Technology Daily
    June 21, 2004
    
    A report sent to a House oversight committee last month details the
    Homeland Security Department's progress in implementing the national
    cybersecurity strategy issued early last year.
    
    The 35-page report, sent in reply to a request by the House Homeland
    Security Committee for a detailed account of the strategy's
    implementation, shows both progress and remaining work. There has been
    no formal progress report from the Bush administration since the
    strategy's release in January 2003.
    
    The report also breaks down the fiscal 2005 funding request for each
    item. The department's National Cyber Security Division is leading the
    implementation.
    
    The report shows that an assessment of vulnerabilities to critical
    infrastructures long sought by Congress is targeted for 2005, with a
    process for assessing Internet weaknesses due later this year.
    
    Perhaps the most touted accomplishment in the report is the
    establishment of a public-private structure for responding to
    national-level cyber incidents by designating the U.S. Computer
    Emergency Readiness Team (US-CERT) as the department's cybersecurity
    operational body. US-CERT, a long-respected operation at
    Carnegie-Mellon University, launched a national cyber-alert system in
    January.
    
    US-CERT now includes the former Federal Computer Incident Response
    Center (FedCIRC) transferred to Homeland Security from the General
    Services Administration. This summer, it is launching a private-public
    partnership involving the panorama of stakeholders in the critical
    infrastructure community, and this year the center will update various
    aspects of a "partner portal," a secure Web site for coordination and
    information sharing.
    
    Work remains on an "ambitious and necessary" mandate in the strategy
    to develop a round-the-clock cyber-response center, the department
    said. "There exist a number of active and planned projects within the
    [cybersecurity division] to locate and combine the correct mix of
    people, processes and technology needed to create this capability,"  
    the report said. For instance, a new "watch center" combining various
    functions is being built for early next year.
    
    The department is expanding the Critical Infrastructure Warning
    Information Network (CWIN), a private communications network for voice
    and data with no dependence on the Internet or public network. CWIN
    terminals have been installed in key government and industry network
    centers and in a United Kingdom facility. Other extensions are
    underway in the project, for which $12.8 million is requested for
    fiscal 2005.
    
    The Cyber Interagency Incident Management Group, created to coordinate
    intra-governmental preparedness and response operations, was created
    after the Livewire simulated terrorist attack exercise in October
    2003. A compromise amendment to the Homeland Security appropriations
    bill on the Senate floor this week would move more funding within the
    cybersecurity division's budget to cyber exercises, increasing that
    item from $1.85 million to $3.5 million, according to an
    administration official.
    
    The report describes a number of active exercises nationwide.
    
    The report also identifies issues related to: overcoming
    private-sector reluctance to share proprietary information with the
    government, authenticating electronic transactions, improving the
    security of government work "outsourced" to the private sector,
    securing wireless networks, improving state and local information
    sharing and analysis centers, and enhancing the ability to identify
    sources of cyber attacks.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
    (Broke? Spend 15 minutes a day on the project!)
    



    This archive was generated by hypermail 2b30 : Tue Jun 22 2004 - 06:30:37 PDT