[ISN] Tougher Cyber-Security Measures Urged

From: InfoSec News (isn@private)
Date: Tue Dec 07 2004 - 23:58:30 PST


http://www.washingtonpost.com/wp-dyn/articles/A45622-2004Dec7.html

By Brian Krebs
Special to The Washington Post
December 8, 2004

A group representing technology industry executives yesterday called
on the Bush administration to step up efforts to protect the nation's
computer and Internet infrastructure, and it proposed that the top
official in charge be given a higher profile.

The Cyber Security Industry Alliance urged the federal government to
elevate the position of national cyber-security director to the
assistant secretary level. The director now reports to an assistant
secretary who is responsible for both cyber and physical security
threats.

"There is not enough attention on cyber-security within the
administration," said Paul B. Kurtz, the alliance's director and a
former senior cyber-security official in the Bush administration. "The
executive branch must exert more leadership."

The alliance, an industry advocacy group that includes representatives
from companies that sell cyber-security software, hardware and
services, urged Bush to use his second term to focus more attention on
cyber-security. Kurtz was joined at yesterday's event by Amit Yoran,
the former director of Homeland Security's National Cyber Security
Division who resigned in September.

"We really have an opportunity here to address cyber-security in a
more aggressive fashion," said Yoran, who was the third high-level
cyber-security official to leave Homeland Security in 18 months.  
"There is broad unanimity across the cyber-security community that we
are still vulnerable and we need to do more."

The latest congressional effort to raise the profile of cyber-security
within the Homeland Security Department failed this week. House
leaders included language raising the cyber-security director's status
in a bill designed to overhaul the nation's intelligence community,
but the measure was stripped from the version of the legislation
agreed to by House and Senate negotiators.

The technology industry alliance's recommendations closely mirror
those set out in a 41-page report issued Monday by the House
subcommittee on cyber-security, part of the Committee on Homeland
Security. That report also calls for an assistant secretary post at
Homeland Security, and it urges the administration to consider tax
breaks and other incentives for businesses that make computer security
a top priority.

The congressional report and the recommendations released by the
technology industry group reflect growing frustration with the White
House's commitment to implement its cyber-security strategy. A
February 2003 report laid out the administration's vision for
protecting key areas of the Internet from digital sabotage as part of
a broader strategy for guarding vital U.S. assets.

The House Homeland Security Committee and the Cyber Security Industry
Alliance both want the department to match budget money to specific
cyber-security programs and to take the lead on creating a disaster
recovery and response plan should the United States suffer a
debilitating digital attack.

Both also want the White House to lean on the Senate to ratify the
Council of Europe's cyber-crime treaty to help law enforcement bring
more hackers and virus writers to justice and to dedicate more money
to long-term cyber-security research and development programs. In
addition, the administration should direct a federal agency to track
costs associated with cyber-attacks, an effort that experts said will
help drive a market for cyber-security risk insurance and help
companies make a stronger business case for investments in computer
security technologies.

Lawrence C. Hale, deputy director of Homeland Security's National
Cyber Security Division, defended the department's progress. He cited
the development of a program to find and fix vulnerabilities in
so-called "digital control systems," the technology used to manage
systems such as the power grid and chemical manufacturing processes.  
Hale added that the department has been working to expand national
emergency response plans to include cyber-security. He also said the
department has been instrumental in helping federal agencies respond
to and prevent computer attacks.

"Do we have a long way to go? Certainly. But I would say that we're
much better off than we were a year ago, and that both government and
industry have made great strides," Hale said.


Krebs is a staff writer for washingtonpost.com. Washingtonpost.com
staff writer Robert MacMillan contributed to this story.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Wed Dec 08 2004 - 01:30:54 PST