Educause Security Discussion mailing list archives
A washingtonpost.com article from: rpetersen () educause edu
From: Rodney Petersen <rpetersen () EDUCAUSE EDU>
Date: Wed, 17 Jul 2002 23:30:10 -0400
You have been sent this message from rpetersen () educause edu as a courtesy of the Washington Post - http://www.washingtonpost.com Anyone following this effort to set guidelines to protect against hacking? It is a government and industry effort coordinated by the Center for Internet Security (CIS), although it is unclear to me whether or not higher education has played any direct role in conversations to date. Rodney Petersen To view the entire article, go to http://www.washingtonpost.com/wp-dyn/articles/A15910-2002Jul16.html Computer Security Standards Ready By Shannon Henry In a high-tech, high-powered version of a neighborhood watch, a group of government agencies and private businesses plan to announce today a common set of standards and software to fight computer hacking. The Pentagon, the National Security Agency, the National Institute of Standards and Technology, and other agencies are joining forces with such corporations as Intel Corp., Allstate Insurance Co., First Union Corp., Visa and Pacific Gas & Electric Co. to agree on technical actions to stem computer fraud and theft. "It's support for the homeland security strategy," said Clint Kreitner, president and chief executive of the Center for Internet Security (CIS), the nonprofit group of agencies and companies that is coordinating the effort. "We forged a technical consensus." The announcement comes as there is increased concern over computer security since Sept. 11. Computer hacking, much of which has been caused by mischievous teenagers, has become more pervasive and destructive. The perceived threat of cyber-terrorism from countries or terrorist groups has raised the stakes. Richard Clarke, who was appointed the nation's cyber-security adviser late last year, has said he worries about a "digital Pearl Harbor," where the country's vital networks could be attacked. While some government agencies and corporations have installed rigorous security provisions, others lag behind, failing to use even commonly available patches. There has not even been a commonly agreed-upon set of fixes to install; the decision about how a computer system will be protected usually falls to the person in charge of installing the protection. Representatives of those agreeing to the standards had an initial meeting on April 18, said Kreitner, that was followed by a flurry of e-mails. "The challenge here is to get the significant experts in this field to agree on the steps to achieve security," Kreitner said. He admits that it's not an easy task, which is why so few such agreements have been reached. "Everybody has their own opinion," he said. What the group came up with is a series of specific technical actions designed to heighten security, recommended to all organizations that use Microsoft Windows 2000, a common operating system, although not the newest one. A software "scoring" program has been created by CIS members that would then check to ensure those settings are in place. The software, which also checks to see if patches are up to date, will be available free to anyone who wants it, said Kreitner, although it's not currently aimed at individuals. All CIS members, which cover many industries, were invited to participate in the creation of the standards. Several of the top technology executives in America, including Microsoft Corp.'s Bill Gates and Oracle Corp.'s Larry Ellison, this year have said they are also working to make their products tougher to break into. Shannon Kellogg, vice president of the Information Technology Association of America, a trade association, cautioned that the agreement would only be successful if it concentrates on performance-based standards, not on specific technologies that could stifle innovation. And, he added, it requires much more communication. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- A washingtonpost.com article from: rpetersen () educause edu Rodney Petersen (Jul 17)
- <Possible follow-ups>
- Re: A washingtonpost.com article from: rpetersen () educause edu Gene Spafford (Jul 17)
- Re: A washingtonpost.com article from: rpetersen () educause edu Tracey Losco (Jul 18)