Educause Security Discussion mailing list archives

Re: A washingtonpost.com article from: rpetersen () educause edu


From: Tracey Losco <tracey.losco () NYU EDU>
Date: Thu, 18 Jul 2002 15:19:05 -0400

Hello Rodney,

Dartmouth's Institute for Security Studies is very involved from what
I remember...we've joined CIS here at NYU and we hope to start
getting more involved in their groups that come up with the
benchmarks that they discuss in the article.

You ought to shoot Clint an email if you have any specific questions.
He is usually very happy to chat about what he's doing.

Take care,

Tracey



At 11:30 PM -0400 7/17/02, Rodney Petersen wrote:
You have been sent this message from rpetersen () educause edu as a
courtesy of the Washington Post - http://www.washingtonpost.com

 Anyone following this effort to set guidelines to protect against
hacking?  It is a government and industry effort coordinated by the
Center for Internet Security (CIS), although it is unclear to me
whether or not higher education has played any direct role in
conversations to date.

Rodney Petersen

 To view the entire article, go to
http://www.washingtonpost.com/wp-dyn/articles/A15910-2002Jul16.html

 Computer Security Standards Ready

 By Shannon Henry


  In a high-tech, high-powered version of a neighborhood watch, a
group of government agencies and private businesses plan to announce
today a common set of standards and software to fight computer
hacking.

  The Pentagon, the National Security Agency, the National Institute
of Standards and Technology, and other agencies are joining forces
with such corporations as Intel Corp., Allstate Insurance Co., First
Union Corp., Visa and Pacific Gas & Electric Co. to agree on
technical actions to stem computer fraud and theft.

  "It's support for the homeland security strategy," said Clint
Kreitner, president and chief executive of the Center for Internet
Security (CIS), the nonprofit group of agencies and companies that
is coordinating the effort. "We forged a technical consensus."

  The announcement comes as there is increased concern over computer
security since Sept. 11. Computer hacking, much of which has been
caused by mischievous teenagers, has become more pervasive and
destructive. The perceived threat of cyber-terrorism from countries
or terrorist groups has raised the stakes. Richard Clarke, who was
appointed the nation's cyber-security adviser late last year, has
said he worries about a "digital Pearl Harbor," where the country's
vital networks could be attacked.

  While some government agencies and corporations have installed
rigorous security provisions, others lag behind, failing to use even
commonly available patches. There has not even been a commonly
agreed-upon set of fixes to install; the decision about how a
computer system will be protected usually falls to the person in
charge of installing the protection.

  Representatives of those agreeing to the standards had an initial
meeting on April 18, said Kreitner, that was followed by a flurry of
e-mails.

   "The challenge here is to get the significant experts in this
field to agree on the steps to achieve security," Kreitner said. He
admits that it's not an easy task, which is why so few such
agreements have been reached. "Everybody has their own opinion," he
said.

  What the group came up with is a series of specific technical
actions designed to heighten security, recommended to all
organizations that use Microsoft Windows 2000, a common operating
system, although not the newest one. A software "scoring" program
has been created by CIS members that would then check to ensure
those settings are in place. The software, which also checks to see
if patches are up to date, will be available free to anyone who
wants it, said Kreitner, although it's not currently aimed at
individuals. All CIS members, which cover many industries, were
invited to participate in the creation of the standards.

  Several of the top technology executives in America, including
Microsoft Corp.'s Bill Gates and Oracle Corp.'s Larry Ellison, this
year have said they are also working to make their products tougher
to break into.

  Shannon Kellogg, vice president of the Information Technology
Association of America, a trade association, cautioned that the
agreement would only be successful if it concentrates on
performance-based standards, not on specific technologies that could
stifle innovation. And, he added, it requires much more
communication.

**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/memdir/cg/.

--
--------------------------------------------------------------------
Tracey Losco
Network Security Analyst                security () nyu edu
ITS - Network Services                  http://www.nyu.edu/its/security
New York University                     (212) 998 - 3433

PGP Fingerprint: 8FFB FE47 6156 7BF0  B19E 462B 9DFE 51F5
