Information Security News mailing list archives

Re: Infosec research bill amended


From: InfoSec News <isn () c4i org>
Date: Thu, 23 May 2002 04:58:32 -0500 (CDT)

Forwarded from: Richard Forno <rforno () infowarrior org>

http://www.fcw.com/fcw/articles/2002/0520/web-cyber-05-21-02.asp

By Diane Frank 
May 21, 2002 

The standards would be "a baseline minimum security configuration
for specific computer hardware or software components, an
operational procedure or practice, or organizational structure that
increases the security of the information technology assets of a
department or agency," according to the amendment.

I find it hysterical - and sad - that such a common-sense 'baseline'
of what is essentially a crack at 'best practices requirements' for
federal systems was an 'amendment' to a piece of legislation and not
an original component.

Sort of like an afterthought. These Hill folks *still* don't get it.

Working through the National Science Foundation and the National
Institute of Standards and Technology, the bill would inject more
than $900 million into security research, grants, training and
education during five years. Such investment is something educators
and researchers have often called for in recent years.

Yep, more LONG-TERM projects. What about the HERE and NOW problems we
already know about?

However, the committee had no intention to set technology-specific
standards that could stand in the way of innovation or new
technologies, according to one staff member who asked not to be
named.

Good - PKI and smart-cards - while popular and oft-hyped solutions -
are essentially snake-oil in most of the large deployments I've seen,
doing little to really, truly, increase the level of effective
security. However, they could've said something about not using
certain operating systems and applications until certified truly
secure and stable than they currently are.  :)  Not surprising they
didn't, though.

rick
infowarrior.org



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

