Bush administration considering creation of cybersecurity fund

[InfoSec News <isn () c4i org>]

Forwarded from: "eric wolbrom, CISSP" <eric () shtech net>

http://www.usatoday.com/tech/news/computersecurity/2002-09-09-cybersecurity_x.htm

09/09/2002 

WASHINGTON (AP) -- The Bush administration is considering creation of
a fund that would combine tax dollars and money from the technology
industry to pay for Internet security enhancements, according to
internal documents from the government's effort to develop a national
cyberprotection plan.

Federal officials writing the plan, set to be disclosed this month,
also are discussing sweeping new obligations on companies,
universities, federal agencies and home users designed to enhance
security of the Internet, according to more than 30 pages of working
papers obtained by The Associated Press.

The goal is to "empower all Americans to secure their portions of
cyberspace," according to one document identified as an executive
summary for the National Strategy to Secure Cyberspace.

Other ideas under consideration include:

* Improving security of wireless technologies, and prohibiting
  their use in some cases by federal workers.
      
* Spending more to protect computer systems that help operate major
  utilities like water and power.
      
* Studying ways to respond to cyberattacks when the source of the
  attacks cannot be distinguished immediately between a hostile 
  government or teenage hacker.
      
* Creating an industry testing center that would make sure software
  updates don't cause security problems.
      
* Studying the creation of a new government network to handle
  communications and computing in case of Internet outages.

A White House official cautioned Friday the ideas cited in the working
papers are subject to change until President Bush approves them. Even
then, recommendations would have to go through traditional policy and
budget processes, which could include congressional approval, the
official said.

The administration circulated some draft language last week for review
among federal agencies with instructions not to distribute it outside
government, said one person familiar with the effort, speaking on
condition of anonymity.

An updated proposal is expected from the White House next week, with
the plan's final release set for Sept. 18 at a news conference at
Stanford University attended by FBI Director Robert Mueller and top
administration officials.

The plan is expected to include more than 80 recommendations and is
being assembled by a U.S. advisory board headed by Richard Clarke, a
top counterterrorism official in the Bush and Clinton administrations,
and Howard Schmidt, a former senior executive at Microsoft.

The group's working papers describe creation of a technology fund "to
address those discreet technology areas that fall outside the purview
of both industry and government and yet are critical to the future
secure functioning of the Internet."

The documents reviewed by the AP do not indicate whether the money
would come from new taxes, grants or existing revenues, but they note
that the fund could be "jointly financed by government and industry."

One example cited in the internal documents that could be paid by the
fund is development of highly secure versions of computer operating
system software. The most popular operating systems are from
Microsoft, Apple Computer and developers of the Linux software.

Some proposals in the working documents already have been struck from
the final plan, the White House official said. One would urge Internet
providers to offer customers security software that would protect them
from hackers. Clarke has previously endorsed that proposal in public
appearances.

In an unorthodox move drawing early praise among experts, the White
House is placing some responsibility on home users for helping to
secure the Internet, along with the nation's largest corporations and
universities. Hackers increasingly have seized control of powerful,
inexpensive home computers and high-speed residential Internet
connections to attack others online or to hide illegal activities.

To help home users, the administration is considering a national
advertising campaign aimed at schools and other audiences on the
importance of safe computing, according to the documents.

The plan's working papers also recommend encouraging Internet providers
to adopt a code of good conduct governing cooperation; and encouraging
government to collect better information about cyberattacks and study
whether harsher penalties for hacking are needed.

 
_______________________________________________________________________
eric wolbrom, CISSP                     Safe Harbor Technologies
President & CIO                         190 Goldens Bridge Ct.
Voice 914.767.9090 ext. 6000            Katonah, NY 10536
Fax   914.767.3911                              http://www.shtech.net
_______________________________________________________________________



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.