YAGP (Yet Another Government Panel)

[security curmudgeon <jericho () attrition org>]

http://interactive.wsj.com/articles/SB995407257407394043.htm

July 18, 2001
 
U.S. Panel Is Planned on Protecting
Nation's Most Important Computers

By TED BRIDIS 
Staff Reporter of THE WALL STREET JOURNAL

WASHINGTON -- The Bush administration is moving to set up a government
cyber-security panel to determine how best to protect the nation's most
important computers and keep the federal government functioning in case of
serious cyber-attack. 

The effort is outlined in the final draft of an executive order, called
"Infrastructure Protection in the Information Age," which is circulating
among senior administration officials. President Bush is expected to sign
and issue the order within two weeks, and the panel would begin operations
Oct. 1. 

To be composed of 23 officials representing a broad range of federal
departments and agencies, the panel would be a focal point for policy
decisions on computer-network security and act to ensure that outages from
attacks are "rare, brief, limited geographically, manageable and minimally
detrimental to the economy, human and government services and national
security," the draft order says. 

The document doesn't spell out who will run the board as a senior adviser
reporting to Mr. Bush, but the presumptive chairman is Richard Clarke, the
U.S. national coordinator for counterterrorism, organized crime and
computer security. The order specifies that each department and several
agencies appoint a "senior official" to the committee, but it remains
unclear whether board members will have sufficient clout to reverse years
of generally poor computer security in government. 

The board could have an indirect impact on private industry. It will work
with industry groups on how to protect "critical'' private-sector computer
networks, such as those controlling banking, telecommunications and
electric power. It also is expected to consult with Congress on
computer-security legislation. And by helping to set standards for
government equipment, the board could influence the broader market. 

It will work with companies through advisory panels and two industry
groups, the National Information Assurance Council and the National
Security Telecommunications Advisory Committee. 

But some computer-security experts question whether a committee approach
can be effective. "All of these people have a point of view," said Fred
Rica, a partner at PricewaterhouseCoopers who participates on a White
House advisory committee. "Ultimately you need someone accountable." 

The result of months of review by the National Security Council, Mr.
Bush's order wouldn't make the board itself responsible for computer
break-ins at U.S. agencies; the heads of departments would continue to be
accountable for lax security. 

The new order switches oversight for national security networks from the
Pentagon to the civilian board. Under the order, the Defense Department
would help lead studies on protecting sensitive U.S. networks and deciding
how to respond to attacks. Senior officials earlier had hoped to scrap
some of the government's patchwork of committees, boards and councils
responsible for warning about cyber-attacks. The new order doesn't disband
any existing organization. 

 


ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.