IP: RE: Cyber Attack Within the Next 2 Months?

[David Farber <dfarber () earthlink net>]

-----Original Message-----
From: "Ian Koxvold" <ian-koxvold () credo-group com>
Date: Mon, 1 Jul 2002 11:29:19 
To: <farber () cis upenn edu>
Subject: RE: Cyber Attack Within the Next 2 Months?

Professor Farber,

This seems rather weak. Of course IT security specialists are calling for "accelerated cooperation between the public 
and private sector" - they'll get paid for it.

The IT industry has ridden the Y2K boom, the internet boom (and bust), and are now looking to ride a cyber-security 
boom.

The Business Software Alliance has, for whatever reason, called for the Department of Homeland Security to abjure 
integrating NIST's Computer Security Division into their IT security planning, in favour of a Defence Advanced Research 
Projects Agency model.

In a letter to Chairman Tom Davis on Department of Homeland Security, Robert Holleyman (President and CEO of the 
Business Software Association) stated:

"Concern has been expressed that incorporating NIST's CSD within DHS will result in much greater responsiveness to 
security concerns without regard to technological feasibility or cost... At a minimum we think the legislation should 
explicitly state that the DHS is not authorized to develop cyber security technology specific standards or to require 
the use of specific hardware or software or to develop cyber security technologies that may compete against those 
developed by industry."

On the one hand the BSA is pushing a panic button with a sensationally-worded press release about the imminence of 
cyber-attack, while on the other hand it is lobbying against government security restrictions that might inconvenience 
industry.

This may be less surprising when you consider that BSA members include Adobe, Apple, Autodesk, Bentley Systems, 
Borland, CNC Software/Mastercam, Dell, Entrust, HP, IBM, Intel, Intuit, Macromedia, Microsoft, Network Associates, 
Novell, Sybase, Symantec and Unigraphics Solutions (an EDS company). 

In short, the BSA's members include nearly every large company with a vested interest in making sure that the 
government pays the private sector a lot of money to manage its IT security policy.

Best wishes,

Ian Koxvold
Credo, Charter House, 2 Farringdon Road, London, EC1M 3HP






-----Original Message-----
From: Dave Farber [mailto:dave () farber net]
Sent: Wednesday, June 26, 2002 1:42 PM
To: ip
Subject: IP: Cyber Attack Within the Next 2 Months?


While I think the risks are high in many places in the USG, I doubt the
reality of this. How about

The U.S. government is at risk for a major earthquake in DC  in the next
Year and ...

------ Forwarded Message
From: Ballman <Ballman () usna edu>
Organization: EE Dept
Date: Wed, 26 Jun 2002 08:37:57 -0400
To: dave () farber net
Subject: Cyber Attack Within the Next 2 Months?

====================================================
GOVERNMENT AT RISK FOR MAJOR CYBER ATTACK IN NEXT 12 MONTHS
Pros Say More Resources, Secure Information Sharing Needed
====================================================
The U.S. government is at risk for a major cyber attack in the next
year and agencies are not adequately prepared to defend themselves,
according to a survey of information technology professionals
released today by the Business Software Alliance.

Forty-nine percent of IT professionals think it is likely the
government will be hit by a major cyber attack in the next 12 months,
with a third of those saying it is extremely likely, according to the
study by Ipsos Public Affairs. Of those IT professionals most expert
on security issues -- those responsible for their company's computer
and Internet security -- 59 percent think a major attack against the
government is likely in the next year, the survey said.

"It's sobering that IT professionals predict a major cyber attack
against the United States in the next 12 months," said Robert
Holleyman, president and CEO of the BSA. "Even more alarming, nine
out of 10 IT professionals believe that the threat of a major cyber
attack is the same or worse since September 11."

Holleyman said the survey "underscores the need for accelerated
cooperation between the public and private sector to ensure that
sound cyber security technologies are deployed for homeland security."

One of the key findings of the survey was the belief of IT
professionals that the government needs to devote more time and
resources to cyber security -- even more than it did for Y2K. This is
a theme the BSA has been pushing for months in meetings with senior
White House officials. BSA member company CEOs -- during the group's
Global Technology Summit in December and again a few weeks ago at a
White House meeting -- have reiterated their commitment to help the
administration establish a more concerted cyber security initiative.

Highlights of the BSA Cyber Security Survey include:

* 72 percent of IT professionals say there is a gap between the
threat of a major cyber attack against the government and the
government's preparedness.

* IT professionals, by a margin of 10-to-1, are more likely to say
the U.S. government security measures are not at all adequate than
extremely adequate.

* Only one in four IT professionals say the government has built
adequate security measures into its e-government initiatives, while
one in three say the security measures are inadequate.

* 96 percent of IT professionals say the government needs to employ
technologies like encryption to secure its sensitive data so hackers
will not be able to access it even if they break into the
government's computer systems.

The survey of 395 information technology professionals was conducted
by Ispos Public Affairs between June 5 and June 7 and has a margin of
error of plus or minus 5 percent. The poll was conducted online and
surveyed IT professionals from companies of all sizes in a variety of
business sectors.

For a full copy of the study results, visit www.bsa.org.



---------------------------------------------------------
DISCLAIMER:

The information contained in this E-mail is privileged, confidential and protected from disclosure. If you are not the 
intended recipient or think that you have received this e-mail in error, please notify the sender. Thank you for your 
co-operation.
---------------------------------------------------------

For archives see:
http://www.interesting-people.org/archives/interesting-people/