Return-Path: <sentto-279987-5052-1027790835-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Sat, 27 Jul 2002 10:30:08 -0700 (PDT) Received: (qmail 17831 invoked by uid 510); 27 Jul 2002 17:26:16 -0000 Received: from n39.grp.scd.yahoo.com (66.218.66.107) by all.net with SMTP; 27 Jul 2002 17:26:16 -0000 X-eGroups-Return: sentto-279987-5052-1027790835-fc=all.net@returns.groups.yahoo.com Received: from [66.218.66.94] by n39.grp.scd.yahoo.com with NNFMP; 27 Jul 2002 17:27:15 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_7_4); 27 Jul 2002 17:27:14 -0000 Received: (qmail 74859 invoked from network); 27 Jul 2002 17:27:14 -0000 Received: from unknown (66.218.66.217) by m1.grp.scd.yahoo.com with QMQP; 27 Jul 2002 17:27:14 -0000 Received: from unknown (HELO red.all.net) (12.232.72.152) by mta2.grp.scd.yahoo.com with SMTP; 27 Jul 2002 17:27:14 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g6RHTRi31111 for iwar@onelist.com; Sat, 27 Jul 2002 10:29:27 -0700 Message-Id: <200207271729.g6RHTRi31111@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sat, 27 Jul 2002 10:29:27 -0700 (PDT) Subject: [iwar] [fc:Cybersecurity.confusion.hampers.government] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.0 required=5.0 tests=DIFFERENT_REPLY_TO version=2.20 X-Spam-Level: <a href="http://www.infoworld.com/articles/hn/xml/02/07/23/020723hngaostudy.xml">http://www.infoworld.com/articles/hn/xml/02/07/23/020723hngaostudy.xml>Infoworld July 23, 2002 09:17 AM Cybersecurity confusion hampers government By Sam Costello U.S. CYBERSECURITY POLICY and the protection of critical infrastructure is being hampered by a failure to communicate between the large number of federal organizations which have responsibilities in the area. Adding to the chaos are ill-defined relationships between the groups, according to a new report released Monday by the U.S. General Accounting Office (GAO). "Without a strategy that identifies responsibilities and relationships for all cyber [critical infrastructure protection] efforts, our nation risks not having the appropriate structure to deal with the growing threat of computer-based attacks on its critical infrastructures," the report concluded. The GAO, which acts as the investigative arm of Congress, found that there are at least 50 federal organizations that have responsibilities related to cyber critical infrastructure protection (CIP), including five advisory committees, six Executive Office of the President organizations, 38 executive branch organizations associated with departments, agencies or intelligence organizations and three other organizations. These bodies come from a wide range of government organizations, including the Office of Management and Budget, the U.S. Federal Communication Commission, the U.S. Department of Defense, the U.S. Department of Justice, the U.S. Environmental Protection Agency, the Federal Emergency Management Agency, the U.S. General Services Administration, the report said. Communications channels are not adequately established between the organizations, according to the report. Though some of the bodies were able to identify their relationship to other organizations generally, "relationships among all organizations performing similar activities were not consistently established," the report found. One example of the confusion about the function of different organizations among the various groups cited in the report concerns the National Infrastructure Protection Center (NIPC), the cybersecurity wing of the U.S. Federal Bureau of Investigation. "Discussions with officials in defense, intelligence and civilian agencies involved in CIP ... showed that their views of the NIPC's roles and responsibilities differed from one another," though the NIPC's role should be clear, according to the report. The communication issue and the definition of roles is set to be addressed by the President's Critical Infrastructure Protection Board in a national cyber CIP strategy set to be released in September, the report said. In its report, the GAO recommended that the strategy should define "key federal agencies' roles and responsibilities associated with each sector, and [define] the relationships among key CIP organizations." The GAO has been a constant proponent of better cybersecurity in recent years through the audits of a number of government agencies. In February, it released a report that called the Department of the U.S. Treasury's security measures "ineffective in identifying, deterring and responding to computer control weaknesses promptly." The GAO also criticized the NIPC in May 2001, saying that the body failed to provide timely warnings of computer attacks. The full GAO report can be found on the organization's Web site at <a href="http://www.gao.gov/new.items/d02474.pdf">http://www.gao.gov/new.items/d02474.pdf>. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Will You Find True Love? Will You Meet the One? Free Love Reading by phone! http://us.click.yahoo.com/7dY7FD/R_ZEAA/Ey.GAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:31 PDT