Educause Security Discussion mailing list archives

A washingtonpost.com article from: rpetersen () educause edu


From: Rodney Petersen <rpetersen () EDUCAUSE EDU>
Date: Wed, 17 Jul 2002 23:30:10 -0400

You have been sent this message from rpetersen () educause edu as a courtesy of the Washington Post - 
http://www.washingtonpost.com

 Anyone following this effort to set guidelines to protect against hacking?  It is a government and industry effort 
coordinated by the Center for Internet Security (CIS), although it is unclear to me whether or not higher education has 
played any direct role in conversations to date.

Rodney Petersen

 To view the entire article, go to http://www.washingtonpost.com/wp-dyn/articles/A15910-2002Jul16.html

 Computer Security Standards Ready

 By Shannon Henry


  In a high-tech, high-powered version of a neighborhood watch, a group of government agencies and private businesses 
plan to announce today a common set of standards and software to fight computer hacking.

  The Pentagon, the National Security Agency, the National Institute of Standards and Technology, and other agencies 
are joining forces with such corporations as Intel Corp., Allstate Insurance Co., First Union Corp., Visa and Pacific 
Gas & Electric Co. to agree on technical actions to stem computer fraud and theft.

  "It's support for the homeland security strategy," said Clint Kreitner, president and chief executive of the Center 
for Internet Security (CIS), the nonprofit group of agencies and companies that is coordinating the effort. "We forged 
a technical consensus."

  The announcement comes as there is increased concern over computer security since Sept. 11. Computer hacking, much of 
which has been caused by mischievous teenagers, has become more pervasive and destructive. The perceived threat of 
cyber-terrorism from countries or terrorist groups has raised the stakes. Richard Clarke, who was appointed the 
nation's cyber-security adviser late last year, has said he worries about a "digital Pearl Harbor," where the 
country's vital networks could be attacked.

  While some government agencies and corporations have installed rigorous security provisions, others lag behind, 
failing to use even commonly available patches. There has not even been a commonly agreed-upon set of fixes to install; 
the decision about how a computer system will be protected usually falls to the person in charge of installing the 
protection.

  Representatives of those agreeing to the standards had an initial meeting on April 18, said Kreitner, that was 
followed by a flurry of e-mails.

   "The challenge here is to get the significant experts in this field to agree on the steps to achieve security," 
Kreitner said. He admits that it's not an easy task, which is why so few such agreements have been reached. "Everybody 
has their own opinion," he said.

  What the group came up with is a series of specific technical actions designed to heighten security, recommended to 
all organizations that use Microsoft Windows 2000, a common operating system, although not the newest one. A software 
"scoring" program has been created by CIS members that would then check to ensure those settings are in place. The 
software, which also checks to see if patches are up to date, will be available free to anyone who wants it, said 
Kreitner, although it's not currently aimed at individuals. All CIS members, which cover many industries, were invited 
to participate in the creation of the standards.

  Several of the top technology executives in America, including Microsoft Corp.'s Bill Gates and Oracle Corp.'s Larry 
Ellison, this year have said they are also working to make their products tougher to break into.

  Shannon Kellogg, vice president of the Information Technology Association of America, a trade association, cautioned 
that the agreement would only be successful if it concentrates on performance-based standards, not on specific 
technologies that could stifle innovation. And, he added, it requires much more communication.
