[iwar] [fc:U.S..To.Curb.Computer.Access.By.Foreigners]

From: Fred Cohen (fc@all.net)
Date: 2002-03-07 05:20:50



Los Angeles Times
March 7, 2002

U.S. To Curb Computer Access By Foreigners

Government: To boost security, some Defense Department work will be done
only by citizens.

By Charles Piller, Times Staff Writer

Sparked by heightened security concerns since the Sept. 11 terrorist
attacks, the Defense Department has begun laying the groundwork to ban
non-U.S. citizens from a wide range of computer projects.

The planned policy--slated for adoption within 90 days--extends restrictions
on foreign nationals handling secret information to "sensitive but
unclassified positions," which include the swelling numbers of contract
workers who process paychecks, write software, track supplies and maintain
e-mail systems.

The move comes amid a growing awareness of the vulnerability of government
computer systems in an era when software espionage and malicious hacking
have become commonplace.

The Defense Department's proposal, covering a work force that accounts for
one-third of federal civilian employees, would represent the most sweeping
implementation of the government's restrictions on foreign technology
workers. The much-smaller Justice Department instituted little-noticed
restrictions in July, and the Treasury Department has had a ban on
noncitizens working on its communications systems since 1998.

Officials said the restrictions are needed to get a handle on the
proliferation of foreign nationals who work on government computer systems,
but the plan has raised concerns that the government is being xenophobic and
shortsighted.

Experts said barring foreign nationals from certain computer projects opens
the prospect that key jobs will go unfilled because of a shortage of
qualified citizens--a situation exacerbated by the relatively small number
of U.S. students who pursue advanced technology degrees. Costs may also rise
sharply as higher-paid U.S. citizens replace foreign workers.

"You can easily create a critical manpower shortage," said Annalee Saxenian,
a professor of city and regional planning at UC Berkeley who has studied the
effect of immigrants on the technology industry. "There's probably no
company in Silicon Valley that doesn't have from 10% to 40% of their work
force who are foreign nationals. . . . [Defense Department officials may be]
boxing themselves into a situation where they will lose the best talent."

Even Richard A. Clarke, top cyber-security advisor to President Bush, views
the restrictions as a misguided priority.

"Rather than worry about what country somebody was born in, we ought to
focus on the design and the architecture of our information systems," he
said, adding that he supports the use of background checks, automatic
recorders that log keystrokes by programmers and stricter rules on
individuals changing data.

"In general, trying to restrict the [information technology] professional
that we use to American citizens is not going to be an effective approach,"
Clarke said. "The United States does not produce enough American citizens
who are IT-security-trained to operate our networks."

Computer Security Is Long-Standing Problem

Analysts long have warned about lax security in government computer systems.
"These [software] systems are wide open," said Ed Yourdon, an independent
expert in technology security policy. "The vast majority of bad things done
on computer systems are done by insiders--not teenage hackers in Moscow."

Two years ago, the General Accounting Office, the investigative arm of
Congress, studied the use of foreign contractors by federal agencies working
to fix year 2000 software problems. It found foreign nationals working on 85
contracts for "mission-critical" software. Yet several of the agencies
investigated lacked even rudimentary controls over contractors' work.

The Navy sent software or data associated with 36 mission-critical systems
to a foreign-owned contractor yet "could not readily determine how the code
and data were protected during and after transit to the contractor
facility," the GAO report said.

"In many instances, the [Defense Department] was not aware when some
programming changes were being done by a contractor who used foreign
nationals," said David L. McClure, who led the GAO study.

The Health and Human Services Department used software engineers from
Pakistan, Russia and Ukraine without performing background checks.

Similar lapses were found in the departments of Energy, Agriculture and
State, as well as NASA and other federal agencies. None of those agencies is
considering new restrictions in the use of foreign nationals, although some
require regular employees to be citizens.

The Defense Department previously had been developing a system of security
restrictions for foreign nationals working on unclassified computer
operations, but Sept. 11 prompted plans for more restrictive measures.

IT Work Routinely Given to Foreigners

"The IT business has become largely contractual, with programming and data
work being farmed out to areas where there is cheap labor," Pete Nelson, the
Defense Department's deputy director for personnel security, wrote in an
e-mail to The Times. "If this trend does not simultaneously take into
consideration security requirements, there would be reason for concern. Some
foreign nationals--those in the most sensitive position--may not be
permitted to remain."

Nelson said no details of the policy would be made public until it becomes
final.

The Defense Department had no estimate of how many noncitizens it has as
employees or contractors but acknowledged that the shift could prove costly.
Some major defense technology contractors also said they could not readily
estimate how many of their employees are foreign nationals. Industry experts
believe that thousands of jobs could be involved.

Major technology contractors, such as Science Applications International
Corp. in San Diego and Computer Sciences Corp. in El Segundo, said they can
meet any new Defense Department requirements.

Smaller contractors may have more difficulty doing so.

Indus Corp., a 300-employee technology contractor in Vienna, Va., that works
with the military and other government agencies, fulfills military contracts
without tapping its 40 to 45 employees who are not U.S. citizens, said Chief
Executive Shiv Krishnan.

"In the future, there may be opportunities we can't bid on because of the
dearth of available talent," said Krishnan, who came to the U.S. from India
to study and gained American citizenship 12 years ago.

Dan Kuehl, a professor of cyber-security at the National Defense University
in Washington, said any move to restrict unclassified tasks to U.S. citizens
could create a logistical nightmare.

Despite the high-tech recession, the country faces chronic shortages of
professionals who can manage the complex computer systems, databases and
networks prevalent in government agencies. The high-tech industry relies
heavily on Indian, Chinese and other Asian workers--a group that long has
complained about being unfairly targeted on issues of U.S. loyalty.

Those shortages prompted Congress to create a special visa program through
the Immigration Act of 1990 known as H-1B, which permitted more than 163,000
highly skilled foreign workers to take jobs in this country last year. Many
are employed by defense contractors.

A move away from using foreign nationals also could increase contracting
costs--building pressure on managers to make do with fewer tech
professionals, which would itself be a security liability, said John
Pescatore, a security analyst with GartnerGroup Inc.

Relatively few U.S. students are being trained to fill the gap, while
foreign student enrollment in technology programs at U.S. universities has
soared. From 1991 to 2000, 46% of U.S. doctoral degrees in computer science
were awarded to foreign students, the National Science Foundation said.

"The same security concerns are being expressed about the entire critical
infrastructure"--both government and private, Yourdon said. "We have foreign
nationals working in systems that control electrical power or move billions
of dollars around the financial systems or control trades on the Nasdaq."

But banning noncitizens from sensitive jobs may offer little assurance of
security, he said. Three of the most damaging espionage cases in U.S.
history--those of the CIA's Aldrich Ames, the FBI's Robert Philip Hanssen
and the Navy's Walker family spy ring--involved U.S. citizens who were
direct employees of the government and had access to classified computer
systems.




This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:04 PST