[iwar] [fc:Bush's.Cyber-Security.Plan.Targets.E-Mail]

From: Fred Cohen (fc@all.net)
Date: 2002-08-26 21:23:52


Return-Path: <sentto-279987-5257-1030422205-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Mon, 26 Aug 2002 21:26:10 -0700 (PDT)
Received: (qmail 3971 invoked by uid 510); 27 Aug 2002 04:21:38 -0000
Received: from n15.grp.scd.yahoo.com (66.218.66.70) by all.net with SMTP; 27 Aug 2002 04:21:38 -0000
X-eGroups-Return: sentto-279987-5257-1030422205-fc=all.net@returns.groups.yahoo.com
Received: from [66.218.66.96] by n15.grp.scd.yahoo.com with NNFMP; 27 Aug 2002 04:23:26 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_1_0_1); 27 Aug 2002 04:23:25 -0000
Received: (qmail 811 invoked from network); 27 Aug 2002 04:23:25 -0000
Received: from unknown (66.218.66.218) by m13.grp.scd.yahoo.com with QMQP; 27 Aug 2002 04:23:25 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta3.grp.scd.yahoo.com with SMTP; 27 Aug 2002 04:23:24 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g7R4NqZ15371 for iwar@onelist.com; Mon, 26 Aug 2002 21:23:52 -0700
Message-Id: <200208270423.g7R4NqZ15371@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Mon, 26 Aug 2002 21:23:52 -0700 (PDT)
Subject: [iwar] [fc:Bush's.Cyber-Security.Plan.Targets.E-Mail]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=0.0 required=5.0 tests=DIFFERENT_REPLY_TO version=2.20
X-Spam-Level: 

Bush's Cyber-Security Plan Targets E-Mail
Date:  Monday, 26 August 2002
<a href="http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8821">http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8821>


Source:  eWeek Media

Story:  In an effort to bolster the nation's cyber-security, the Bush
administration has plans to create a centralized facility for collecting
and examining security-related e-mail and data and will push private
network operators to expand their own data gathering, according to an
unreleased draft of the plan. The proposed cyber-security Network
Operations Center is included in a draft of The National Strategy to
Secure Cyberspace, which was developed by the president's Critical
Infrastructure Protection Board with input from the private sector and
is due to be released Sept. 18.

The call for expanded data collection and analysis results from
administration concerns that efforts to secure cyber-space are hampered
by the lack of a single point of data collection to detect
cyber-security incidents and issue rapid warnings, according to the
draft strategy, obtained by eWEEK. Critics, however, worry that such a
system would be expensive and difficult to manage, and would allow
government agencies to expand their surveillance powers.

Other recommendations include restricting the use of wireless
technologies by government agencies; requiring corporations to disclose
their IT security practices; establishing a "test bed" for multivendor
patches; creating a certification program for security personnel; and
mandating certifications for all federal IT purchases.

Howard Schmidt, vice chairman of the PCIPB, said that the center would
consolidate threat data from the country's collection end points, such
as the FBI's National Infrastructure Protection Center, the Critical
Infrastructure Assurance Office, the Department of Energy and commercial
networks. Private companies would be encouraged to increase the amount
of data collected and share it with the government.

"Major companies generally report this information internally," Schmidt
told eWEEK. "We're looking for that to come back to a central location."

According to the draft strategy, the public/private initiative would
involve the major ISPs, hardware and software vendors, IT security
companies, and Computer Emergency Response Teams, in addition to law
enforcement and other agencies.

Some feel that the government's internecine rivalries and
information-sharing rules will hamstring any attempt at centralized
collection and analysis.

"There are such high barriers in government to being able to disseminate
information and adjusting the environment to react to threats, I don't
think it will have much impact," said William Harrod, director of
investigative response at TruSecure Corp. in Herndon, Va., and a former
FBI computer forensic specialist. "They'll have different information
coming in from different analysts, and they'll have to weed through it."

The proposed strategy recommends that the center be partially federally
funded, but it would inevitably impose new costs on the private sector
without commensurate benefits, critics charged.

"Government doesn't have a good track record when it comes to collecting
and disseminating massive volumes of data," said Kevin Baradet, network
systems director at Cornell University's Johnson Graduate School of
Management in Ithaca, N.Y. "We could be drowning in data, most of it
noise."

Then there are the privacy concerns.

"Whatever the federal government wants to do with its own data is OK
with me as long as it doesn't waste my personal and corporate tax
dollars," said Karl Keller, president of custom software developer IS
Power Inc., in Thousand Oaks, Calif. "The privacy aspects, however,
concern me greatly. This sounds like a dramatic and evil expansion of
Echelon and Carnivore."

The strategy also calls on the FBI, Secret Service and Federal Trade
Commission to establish a single system for corporations to report
Internet fraud and extortion, illegal hacking, and unauthorized network
intrusions. It recommends that the federal government systematically
collect data on cybercrime victims and cyber-intrusions from businesses.
The administration hopes to assuage industry fears by recommending
legislative changes--including exemptions from Freedom of Information
Act requirements and exemption from antitrust laws--that would reduce
liability for companies turning over communications to law enforcement.


Bush's Cyber-Security Plan Targets E-Mail

------------------------ Yahoo! Groups Sponsor ---------------------~-->
4 DVDs Free +s&p Join Now
http://us.click.yahoo.com/pt6YBB/NXiEAA/mG3HAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:32 PDT