IP: U.S. Cyber Chief to Map Infrastructure for Security and forces patches down our throats (see last para)

[David Farber <dave () farber net>]

> Tuesday December 4 5:36 PM ET
>
> U.S. Cyber Chief to Map Infrastructure for Security
>
>
>
> By Andy Sullivan
>
> WASHINGTON (Reuters) - The U.S. government plans to develop a model of the 
> nation's railroads, gas pipelines, telecommunications networks and other 
> ``critical infrastructures'' to better understand how they affect each 
> other, the nation's top cybersecurity chief said on Tuesday.
>
> As part of its efforts to beef up homeland security, the federal 
> government will set up a national center for infrastructure simulation and 
> analysis in January, said Richard Clarke, chairman of President Bush's 
> Critical Infrastructure Protection Board.
>
> ``The center will create, if you will, an acupuncture map of the country, 
> so that if there is a fire in a railroad tunnel in Baltimore, we know the 
> Internet slows down in Chicago,'' Clarke told a gathering of high-tech 
> executives at the Business Software Alliance's first Global Tech Summit.
>
> The simulation is another attempt by the federal government to secure the 
> nation's sprawling telecommunications networks in the wake of the Sept. 11 
> hijacking attacks that killed 3,600 in New York and Washington.
>
> ``We have migrated function after function into the IT (information 
> technology) cloud without thinking about security,'' he said.
>
> One way to do that, Clarke suggested in October, would be to build a 
> secure computer network for government agencies completely separated from 
> the Internet, dubbed ``Govnet.''
>
> While his idea has received a mixed reception from the high-tech 
> community, Clarke said Tuesday that the government had received 167 
> private-sector proposals on how to build Govnet.
>
> The ideas were being reviewed by the government and a separate team at 
> Carnegie Mellon University, he said.
>
> Govnet would not necessarily be built entirely from scratch, he said, but 
> assembled from existing agency-specific networks. It could use fingerprint 
> scanners, iris scanners or other ``biometric'' devices to screen users, he 
> said.
>
> ``With all these things, we might be able to set an example with Govnet,'' 
> he said.
>
> Clarke also appealed to the private sector, which controls the vast 
> majority of the Internet's infrastructure, to beef up its security 
> practices as well.
>
> ``We need to decide that IT security functionality will be built into what 
> we do. It's not an afterthought anymore,'' he said.
>
> Software products should be shipped with security settings at their 
> highest level, he said, and high-speed Internet providers should require 
> individual users to install ''firewalls'' to protect against damaging viruses.
>
> Software companies should not just make ``patches'' available to fix 
> vulnerabilities in their products, but automatically update users' 
> software for them, he said.
>
> ``It's not beyond the wit of this industry to figure out a way of forcing 
> down these patches,'' he said.

For archives see:
http://www.interesting-people.org/archives/interesting-people/