Fighting Evil Hackers With Bucks

[InfoSec News <isn () c4i org>]

http://www.wired.com/news/politics/0,1283,47479,00.html

By Declan McCullagh and Ben Polen 
2:00 a.m. Oct. 11, 2001 PDT  

WASHINGTON -- Worried about the threat of terrorists-turned-hackers,
members of a House panel spent Wednesday puzzling over how Congress
could improve computer security.

"What legislative and other steps are needed to increase the focus on
computer security?" Rep. Sherwood Boehlert (R-New York), chairman of
the House Science committee, asked at a "cybersecurity" hearing.

Boehlert added: "We want to focus on real, concrete problems and
develop specific solutions."
 
In truth, there's not much that Congress can do: America's computer
security is in the hands of geeks more inclined to read Slashdot than
the Federal Register. Because security relies on technologies like
firewalls and bug fixes, the government's role has been limited to
indirect mechanisms like tax cuts and federal grants.

Politicians may not know the difference between a byte and a nibble,
but they are experts in spending money. And during the aftermath of
the deadly Sept. 11 attacks, legislators seem willing to sign
unusually fat checks.

"No federal funding agency has assumed responsibility for supporting
basic research in this area -- not DARPA, not the NSF, not the
Department of Energy, not the NSA," complained William Wulf, a
professor of engineering and applied science at the University of
Virginia who testified at the hearing.

Wulf was referring to the Defense Advanced Research Projects Agency,
the National Science Foundation and the National Security Agency.

Wulf said that it wasn't a temporary budget increase that was
necessary -- but a permanent one. "Don't think it's an issue of a lot
of money but some type of guarantee of long-term money," he said.

While the Sept. 11 hijackers did use the Internet to book airplane
tickets, according to police reports, there's no public evidence that
they or accused mastermind Osama bin Laden ever planned on attacking
websites. But even in the absence of evidence, politicians are doing
anything they can to increase security in all aspects of American
life.

The National Science Foundation already has a scholarship program that
pays for two years of computer science university education in
exchange for two years of federal service after graduation.

But Eugene Spafford, professor of computer science at Purdue
University, said his school had unfilled slots for the program.
Spafford said his students are more attracted to the corporate world
where "they get paid higher salaries for doing the same work."

Another idea, offered by Terry Benzel, a vice president at Network
Associates, was for the feds to create a program for "more senior and
experienced people to rotate in, who have an understanding of the
contributions we can make."

Benzel suggested that the newly created Office of Homeland Security
should be responsible. "We need a new organization which can benefit
from some of the best and brightest," he said. "Coordination is
difficult and setting an agenda and road map will require significant
investment. It would be a good task to assign to the Office of
Homeland Security."

Rep. Vernon Ehlers (R-Michigan) offered his own suggestion for
improving America's computer security: Use a Mac. "I own a Macintosh.
I got through Y2K -- I didn't even think about it. And I've never had
any problems with viruses. Maybe there's a lesson to be learned."

Separately on Wednesday, President Bush's new cyberspace security
adviser announced plans for a secure network for government use.
Richard Clarke said the network would be called GOVNET -- and would
not be connected to the Internet because of the hacker-terrorist
threat.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.