[iwar] [fc:Computer.Security,.Biometrics.Dominate.NIST.Agenda]

From: Fred Cohen (fc@all.net)
Date: 2002-01-23 06:47:00


Return-Path: <sentto-279987-4368-1011797190-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 23 Jan 2002 06:57:08 -0800 (PST)
Received: (qmail 19711 invoked by uid 510); 23 Jan 2002 14:54:45 -0000
Received: from n28.groups.yahoo.com (216.115.96.78) by all.net with SMTP; 23 Jan 2002 14:54:45 -0000
X-eGroups-Return: sentto-279987-4368-1011797190-fc=all.net@returns.groups.yahoo.com
Received: from [216.115.97.162] by n28.groups.yahoo.com with NNFMP; 23 Jan 2002 14:46:31 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_1_3); 23 Jan 2002 14:46:30 -0000
Received: (qmail 77426 invoked from network); 23 Jan 2002 14:46:30 -0000
Received: from unknown (216.115.97.172) by m8.grp.snv.yahoo.com with QMQP; 23 Jan 2002 14:46:30 -0000
Received: from unknown (HELO red.all.net) (12.232.72.98) by mta2.grp.snv.yahoo.com with SMTP; 23 Jan 2002 14:46:30 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g0NEl1Q29858 for iwar@onelist.com; Wed, 23 Jan 2002 06:47:01 -0800
Message-Id: <200201231447.g0NEl1Q29858@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 23 Jan 2002 06:47:00 -0800 (PST)
Subject: [iwar] [fc:Computer.Security,.Biometrics.Dominate.NIST.Agenda]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Computer Security, Biometrics Dominate NIST Agenda

By Brian Krebs, Newsbytes, 1/22/02
<a href="http://www.newsbytes.com/news/02/173706.html">http://www.newsbytes.com/news/02/173706.html>

The events of Sept. 11 and the subsequent anthrax attacks have caused a
major shift in priorities for the National Institute of Standard &amp;
Technology, prompting the agency to double its efforts to develop new
standards for everything from security scanners to biometrics to
computer security, the agency's new chief said today.

NIST Director Arden Bement said while many of the projects were begun
prior to Sept. 11, the non-regulatory agency's new role in the Bush
administration's Homeland Security initiative has added a sense of
urgency to the mix.

"September 11 really focused our activities and gave them a sense of
immediacy," Bement said in a meeting with reporters today. "Our primary
goal now is to take whatever technologies are available for application
and to develop standards and test methods (that will) make them
available to the public as quickly as possible."

Bement said NIST is just a few months away from announcing a new
biometric standard that will be used to confirm the identity of people
seeking U.S. visas or using a visa to enter the United States.

NIST also is working with the Biometric Consortium, which represents
hundreds of companies that are developing technologies to identify
people by their individual physical characteristics, such as
thumbprints, facial recognition technology, iris and retinal scans.

The biometric standards chosen by NIST could allow one or two
technologies to gain early adoption and a strong foothold in an
increasingly crowded market. Bement said biometric identifiers are being
considered as a prerequisite for entry into government buildings, and
the states are pushing ahead on a plan to link an as yet undetermined
biometric technology to identity cards and driver's licenses.

NIST also is working to develop more effective security standards for
wireless communication networks, and is prepared to assume an even
greater role in developing computer security standards for the federal
government.

"I expect that role will expand significantly," Bement said.

NIST recently released an updated standard for encryption technology
that will soon be used to beef up security for a range of electronic
transactions, from e-mail to e-commerce to ATM withdrawals.

The agency also is bracing for more responsibility over the computer
security standards adopted by the federal civilian agencies.

Rep. Tom Davis, R-Va., chairman of the House Government Reform
subcommittee on technology and procurement policy, is drafting
legislation to reauthorize the Government Information Security Reform
Act, a law passed in November 2000 that requires federal agencies to
assess and test the security of their non-classified information
systems.

Davis plans to add a provision to the bill that would require NIST to
establish minimum technology and security standards that all agencies
must follow.

NIST also is crafting new standards to protect the nation's most
critical infrastructures, Bement said. The software that monitors and
regulates the distribution of juice over the national power grid, for
example, is not yet completely integrated.

"Grid control is a major issue now ... because a lot of the monitoring
of power flows on the grid is done with different types of software and
standards," Bement said. "There's a fair amount of work necessary to
raise the level of security so it can't be taken down by hackers or
otherwise interrupted."

In addition, NIST has helped to re-assess standards for machines that
irradiated mail in the wake of last year's anthrax attacks, and is
reviewing standards that will govern some 2,000 new metal detectors to
be installed at the nation's airports.

While NIST is eager to have many of its new security standards adopted
by companies in the private sector, the future of the Advanced
Technology Program - the Commerce Department arm that provides support
for moving experimental technologies from the laboratory into the
marketplace - remains in question.

Many House lawmakers have for years advocated terminating the ATP, and
Commerce Secretary Donald Evans has said he would like to see the ATP
recoup more of its investment from private sector companies.

Benjamin Wu, deputy undersecretary for technology at Commerce, said
Evans has come to recognize that the program has its merits.

"He feels strongly that - irrespective of the funding issues - the
reforms he would like to propose will help bring stability to the
program," Wu said.

Bement said he was optimistic that NIST would get all the funding it
needs to handle its expanded role.

"There are a number of pending bills that not only better define this
role with regards to homeland security but also provide additional
funding," he said. "So far, we've got a pretty big plate of activities,
and we're prepared to even do more."

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Sponsored by VeriSign - The Value of Trust
When building an e-commerce site, you want to start with a
secure foundation. Learn how with VeriSign's FREE Guide.
http://us.click.yahoo.com/oCuuSA/XdiDAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST