Information Security News mailing list archives

U.S. still vulnerable to cyber attack


From: InfoSec News <isn () c4i org>
Date: Thu, 15 May 2003 02:37:50 -0500 (CDT)

http://www.siliconvalley.com/mld/siliconvalley/5864653.htm

By Jim Puzzanghera
Mercury News Washington Bureau
May 14, 2003
 
WASHINGTON - More than 20 months after the Sept. 11 terrorist attacks,
the United States remains ill-prepared to defend against a strike on
the nation's critical computer systems because of slow-moving federal
research efforts, members of Congress said Wednesday.

They charged that instead of working at breakneck ``Internet time,''
the four key agencies charged with researching new technologies to
combat cyber attacks are stuck in the glacial world of ``government
time,'' still crafting memorandums of understanding to allow
collaboration on projects.

``We better damn well get serious about this and not just talk, but
act,'' said Rep. Sherwood Boehlert, R-N.Y., chair of the House Science
Committee, which brought the heads of the four agencies to Capitol
Hill on Wednesday to testify about their efforts. ``The nation quite
simply has been under-investing woefully in cyber security R&D, and as
a result we lack both the experts and the expertise we ought to have
in a world that relies so heavily on computers and networks for the
necessities of everyday life.''

While defending their efforts and saying progress was being made, the
agency heads acknowledged there is much more work to be done.

``On a daily basis . . . there are opportunities for attack that could
be devastating,'' said Rita Colwell, director of the National Science
Foundation.

Terrorism experts fear attacks on computer systems that operate
electricity grids, phone systems or other critical infrastructure as
part of a terrorist strike. The federal government, in conjunction
with private industry, has been trying to protect those systems
through the use of firewalls and other technology to prevent such
attacks or lessen their impact.

The vulnerability to a cyber attack is particularly acute for the U.S.
military, which is becoming increasingly dependent on computer
networks and information technology, said Tony Tether, the director of
the Pentagon's Defense Advanced Research Projects Agency, or DARPA.

``While moving to a network-centric warfare has created for us an
enormous capability . . . it has also created a tremendous
vulnerability,'' Tether told lawmakers. ``The enemy is going to attack
our networks in the future. If they are attacked, our whole capability
goes down.''

Wednesday's testimony follows the departure of two key White House
cyber-security advisers earlier this year. The upheaval has led to
concern in the high-tech industry that the Bush administration is not
making cyber security a priority in combating terrorism.

``Everybody in the private sector is scratching their head, wondering:  
`Who do we go to talk to about cyber security? Who's responsible for
coordinating threat analysis and coordinating responses for major
attacks?' '' said Michael Vatis, executive director of the private
Markle Foundation Task Force on National Security in the Information
Age. ``R&D is critically important, but has been largely neglected.''

Sharing those concerns, Congress last fall passed the ``Cyber Security
Research and Development Act,'' which authorized $903 million for
research efforts over the next five years. In creating the new
Department of Homeland Security, Congress set up a Science and
Technology Directorate to oversee cyber security as well as other uses
of technology in counterterrorism.

The heads of the four lead agencies for cyber-security research -- the
directors of the science foundation, DARPA, and the National Institute
of Standards and Technology, along with the undersecretary for science
and technology at the Department of Homeland Security -- said they
were making progress and beginning to work collaboratively on
projects.

But some science committee members were critical of their efforts.

Tether complained that DARPA had money to spend on cyber-security
research but lacked proposals, while Colwell said her agency had too
many proposals and not enough money to fund them. That prompted Rep.  
Vernon Ehlers, R-Mich., to quip that the two officials might want to
talk with each other.

Boehlert also criticized the agencies for not putting more resources
into cyber research. For example, the Department of Homeland
Security's science and technology division has requested $803 million
in its 2004 budget, but only $7 million is earmarked for
cyber-security research.

Last fall's legislation authorized the National Science Foundation to
spend $110.25 million on cyber-security research, but the agency is
requesting only about $51 million. DARPA's unclassified budget for
cyber-security research has actually declined, from about $90 million
in 2000 to $30 million in 2003. But Tether said those figures were
misleading, because more projects are now classified. He estimated the
agency will spend about $100 million on cyber-security research in
2004.


---------------------------------------------------------------------
Contact Jim Puzzanghera at jpuzzanghera () krwashington com or 
(202) 383-6043.


