Lawmaker Sounds Computer Security Warning Note

[InfoSec News <isn () c4i org>]

http://www.newsbytes.com/news/01/170534.html

By Robert MacMillan, Newsbytes
WASHINGTON, D.C., U.S.A.,
26 Sep 2001, 5:02 PM CST
 
The recent terrorist attacks on the World Trade Center and the
Pentagon presage the potential of severe cyber-sorties on the nation's
and government's critical IT infrastructures, and now is not the time
for Congress to delay in doing their part to fabricate a strong online
defense, an influential House subcommittee chairman today said.

Rep. Stephen Horn, R-Calif., chairman of the House Government Reform
Subcommittee on Government Efficiency, Financial Management and
Information Technology, said in a hearing on IT security that the
defenders of the critical IT infrastructure must learn from the Sept.
11 terrorist attacks. They must realize, he said, that the
"government's critical computer systems are as vulnerable to attack as
airport security."

Horn also said that the General Accounting Office (GAO) in 1997 added
government computer security to its high-risk list, but "it is now
2001, and the government has made little progress in addressing
computer security issues."

GAO Information Technology Issues Managing Director Joel Willemssen
told the subcommittee that the federal government's IT infrastructure
continues to be poorly protected, due in large part to slow movement
to adopt better practices, and the difficulty of inter-agency
coordination.

This is especially dangerous, he added, in light of recent
headline-grabbing viruses and worms, including ILOVEYOU, Melissa,
CodeRed and other crippling malware that has run repair and
replacement costs into the billions of dollars.

Willemssen also noted a larger number of computer security breaches
reported to Carnegie Mellon University's Computer Emergency Response
Team (CERT), from 9,859 in 1999 to 21,756 in 2000, especially with the
rapidly increasing amount of hacking tools made available online.

The Sept. 11 terrorist attacks notwithstanding, Horn also said recent
computer worm and virus issues highlight the ongoing need to protect
critical computer systems.

"Following the terrorist attacks on New York and Washington, the
'Nimda' worm attacked computer systems around the world," Horn said.
"On Monday, a new worm was unleashed on computer systems. This worm is
capable of wiping out a computer's basic system files. These attacks
are increasing in intensity, sophistication and potential damage."

Horn long has been an advocate of increased cyber-security for
government computer systems. Last September he released a "report
card" for federal government cyber-security, giving the government an
"appalling average grade of D-minus."

The Clinton administration's National Security Council cyber-security
point man, Richard Clarke, agreed with Horn that computer security
needed drastic improvement.

In testimony before the subcommittee today, Information Technology
Association of America (ITAA) President Harris Miller said that future
attacks could be aimed completely at the Internet.

"Many people are unsure what homeland defense means and unclear on how
they can participate," Miller said. "I would like to suggest an
immediate action: safeguard U.S. computer assets by adopting much more
widely sound information security practices."

Several private groups, including Gartner Inc., have urged the Bush
administration to appoint a federal chief information officer to field
a range of IT issues, including privacy, electronic government,
Internet voting and cyber-security.

Rep. Jim Turner, D-Texas, has sponsored legislation to create a
federal CIO position, as have Sens. Joseph Lieberman, D-Conn., and
Conrad Burns, R-Mont. White House Office of Management and Budget
Deputy Director Sean O'Keefe in July told a Senate hearing, however,
that a federal CIO would create a new and unnecessary government
bureaucracy.

The Bush administration supports using the OMB deputy director of
management as a cyber-security chief.

Meanwhile, Congress is ready to reconcile House and Senate spending
bills that provide millions for online crime-fighting. The Senate
Commerce-Justice-State Appropriations bill contains about $100 million
for the FBI to battle Internet crime, as well as $6.8 million for the
FBI to better intercept data.

The Senate also recommends another $7 million to help the FBI break
encrypted data, and $7.2 million for the Office of Justice Programs to
develop four regional labs for analyzing the hard drives of seized
computers.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.