[iwar] [fc:Cybersecurity-Research.Bill.Stalls.in.Senate]

From: Fred Cohen (fc@all.net)
Date: 2002-07-16 21:36:15


Return-Path: <sentto-279987-4997-1026880493-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Tue, 16 Jul 2002 21:37:08 -0700 (PDT)
Received: (qmail 27298 invoked by uid 510); 17 Jul 2002 04:34:12 -0000
Received: from n17.grp.scd.yahoo.com (66.218.66.72) by all.net with SMTP; 17 Jul 2002 04:34:12 -0000
X-eGroups-Return: sentto-279987-4997-1026880493-fc=all.net@returns.groups.yahoo.com
Received: from [66.218.67.193] by n17.grp.scd.yahoo.com with NNFMP; 17 Jul 2002 04:34:54 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_7_4); 17 Jul 2002 04:34:53 -0000
Received: (qmail 18931 invoked from network); 17 Jul 2002 04:34:53 -0000
Received: from unknown (66.218.66.217) by m11.grp.scd.yahoo.com with QMQP; 17 Jul 2002 04:34:53 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta2.grp.scd.yahoo.com with SMTP; 17 Jul 2002 04:34:53 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g6H4aFC12122 for iwar@onelist.com; Tue, 16 Jul 2002 21:36:15 -0700
Message-Id: <200207170436.g6H4aFC12122@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Tue, 16 Jul 2002 21:36:15 -0700 (PDT)
Subject: [iwar] [fc:Cybersecurity-Research.Bill.Stalls.in.Senate]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=0.0 required=5.0 tests=DIFFERENT_REPLY_TO version=2.20
X-Spam-Level: 

Cybersecurity-Research Bill Stalls in Senate

By DAN CARNEVALE
<a href="http://chronicle.com/free/2002/07/2002071202t.htm">http://chronicle.com/free/2002/07/2002071202t.htm>
The Chronicle of Higher Education

Washington

A bill to expand research on securing computer networks from hackers has
stalled in the Senate because critics have denounced provisions that
would require federal agencies to adopt technology-security standards.

A vote on the bill is being postponed while senators and lobbyists for
the technology industry negotiate the language of the security
standards. The proposed standards aren't likely to affect university
researchers, observers say. But some higher-education officials fear
that, if the standards are put into place, colleges could face similar
standards down the road.

The bill, S 2182, would authorize $978-million in grants over five years
to study how to protect computer networks from terrorists and hackers.
The National Science Foundation and the National Institute of Standards
and Technology would award the grants.

Sen. John Edwards, a North Carolina Democrat, has added an amendment to
the bill requiring the National Institute of Standards and Technology to
develop computer-security standards for all government agencies.

The legislation has cleared the Senate Committee on Commerce, Science,
and Transportation, and it is awaiting consideration by the full Senate.
The House version, HR 3394, has already been passed by the House of
Representatives, but that version didn't include the security
requirements.

Representatives from the technology industry, including the Information
Technology Association of America and the Business Software Alliance,
have criticized the addition of the security standards. Although the
organizations applaud the proposal to increase cybersecurity research,
they fear that the security standards could restrict what technology the
government could use and inhibit business-government relationships.

Jeff Grove, director of public policy for the Association for Computing
Machinery, a scholarly society, said members of the computer industry
wanted the bill's wording changed so that it would not restrict what
technology companies could use.

But Carlos Monje, deputy press secretary for Senator Edwards, said the
proposal for benchmarks was not meant to restrict technology but to
secure it. "The most important thing to remember about the best
practices is that they aren't binding to a particular program," he said.
"They're what we would call technology neutral."

Another aide to Mr. Edwards said the senator had considered applying the
standards to grantees, including university researchers, but encountered
too much resistance.

Negotiations are under way to make the language more appealing to
critics, the aide said. There was no indication of when the bill would
be ready for Senate consideration.

Eugene H. Spafford, director of the Center for Education and Research in
Information Assurance and Security at Purdue University, said that with
security standards being proposed for government agencies, university
researchers could soon be required to follow them, too.

"There are many people who have advocated for that," Mr. Spafford said.
"And this could be a first step for that. The amendment as worded raises
some concerns, and the possible creep raises larger concerns."

Although research security is important, he said, the federal government
should not dictate how any agency secures its network. "What I'm
concerned about with one-size-fits-all standards is that they can do
more harm than good," Mr. Spafford said.

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Save on REALTOR Fees
http://us.click.yahoo.com/Xw80LD/h1ZEAA/Ey.GAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:31 PDT