U.S. Cyber-Security Efforts Faulted

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.washingtonpost.com/wp-dyn/articles/A47335-2002Jul22.html

By Ted Bridis
Associated Press Writer
Monday, July 22, 2002; 10:38 PM 

WASHINGTON -- Years after orders from the White House to beef up the
security of the nation's most important computer systems, the
government is having trouble identifying which organizations should be
involved and how they should be coordinated, according to a new
report.

President Bush's recent proposal to create a Cabinet-level Department
of Homeland Security said at least 12 organizations oversee protection
of important infrastructure. But the General Accounting Office, the
investigating arm of Congress, said it identified at least 50
organizations already involved in such efforts, usually focused on
protecting vital computer networks.

The GAO said those groups include five advisory committees, six
organizations under the White House, 38 groups under executive
agencies and three others. Within the Defense Department alone, the
GAO found seven organizations.

Those numbers might go up. Richard Clarke, the chairman of Bush's
cyber-security protection board, said the Sept. 11 terror attacks and
their aftermath have caused the administration to consider broadening
definitions of critical infrastructure to include national monuments
and chemical industries.

"We have learned from the tragedy on Sept. 11 that our enemies will
increasingly strike where they believe we are vulnerable," said Sen.  
Joseph Lieberman, D-Conn., who asked for the GAO report as chairman of
the Governmental Affairs Committee. "As this report shows, our
cyberspace infrastructure is ripe for attack today."

Clarke also noted that most of the networks needing protection are
owned by private companies, universities, state and local governments
and even home computer users. "This presents a unique strategic
challenge," Clarke said in a letter to the GAO.

The government previously defined critical infrastructures to include
banks, hospitals, water and food supplies, communications networks,
energy and transportation systems and the postal system.

The GAO report warned that the problem can't be solved at least until
it's defined well. "The opportunity for ensuring that all relevant
organizations are addressed exists in the development of the new
national strategy," it said.

Even organizations already involved are slowly discovering the scope
of the problems from an increasingly interconnected world. An early
warning network for the nation's food manufacturers recently decided
it needed to coordinate with the Interior Department because that
agency controls many of the country's water supplies and hydroelectric
dams for electricity.

The GAO also noted that it was nearly impossible to know how much the
U.S. government was spending on the protection of its infrastructure,
because the organizations involved don't receive money for specific
projects and don't track such spending.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.