From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Mon, 17 Sep 2001 16:27:31 -0700 (PDT)
Subject: [iwar] [fc:Senate.committee.looks.into.IT.vulnerabilities]
Message-Id: <200109172327.QAA19547@big.all.net>

Senate committee looks into IT vulnerabilities
By Patrick Thibodeau, IDG, 9/17/2001
<http://www.cnn.com/2001/TECH/internet/09/14/it.vulnerabilities.idg/index.html>

WASHINGTON (IDG) -- Not wasting any time, the U.S. Senate Governmental Affairs Committee Wednesday held a hearing on a key question in the wake of the attacks in New York and Washington: whether computer networks that run vital services are vulnerable to terrorism.

The answer from two government witnesses is that government systems suffer from poor security, rely on buggy, commercial off-the-shelf software that creates risks and don't get security incident data from private sector companies that could help the government improve cyberprotection.

"The private sector, for good reasons, does not always want to share information related to threats, what the risks may be, what kind of incidents that may have occurred in the past," said Joel Willemssen, who manages IT issues for the congressional watchdog agency, the General Accounting Office.

Private-sector security data "can give us a sense of where we stand strategically and where our risks are at," said Willemssen.

Willemssen and other government officials involved in critical infrastructure issues have voiced such concerns before. But they received renewed attention after Tuesday's attacks.

The State, said Committee Chairman Joseph Lieberman (D-Conn.), has entered a "new era" in protecting national security, one that includes improving the nation's capability to protect critical systems from sophisticated cyberattacks.

Wednesday's hearing on critical infrastructure had been scheduled prior to Tuesday's attacks.

"Today, our hearts and minds are naturally focused on yesterday's tragedy, but it is important that the Senate continue with America's business, particularly as it affects America's security," said Lieberman. "Our enemies will increasingly strike this mighty nation at places where they believe we are not only dependent but unguarded. That is surely true of cyberspace infrastructure today."

U.S. officials have been working to organize critical industrial and service sectors to develop information-sharing arrangements with each other as well as with the National Infrastructure Protection Center. But participation has been limited, in part, by concerns that sensitive corporate data might be publicly released.

Sen. Robert Bennett (R-Utah), has introduced a bill -- a similar one has been introduced in the House -- that would offer protection to corporate data shared with the government.

That bill "would be a great motivator to enable increased sharing of information between private and public sectors, which is absolutely critical," said Willemssen.

Also faulted at the hearing was the reliability of commercial software. Roberta Gross, the inspector general for the National Aeronautics and Space Administration, accused vendors of shipping software with vulnerabilities.

"If you want to talk about the public-private partnership, the private sector can start to be responsible," said Gross. "Off-the-shelf software cannot be coming on with vulnerabilities. There has got to be some warranties."

------------------
http://all.net/

This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:44 PDT