Bush's Cyber-Security Plan Targets E-Mail

blitz blitz at macronet.net
Mon Aug 26 09:35:22 UTC 2002



>Here's Big brother...now we're all going to be spies on our fellow citizens.
>
>http://www.eweek.com/article2/0,3959,481112,00.asp
>
>August 23, 2002
>By Caron Carlson and Dennis Fisher
>
>In an effort to bolster the nation's cyber-security, the Bush
>administration has plans to create a centralized facility for
>collecting and examining security-related e-mail and data and will
>push private network operators to expand their own data gathering,
>according to an unreleased draft of the plan.
>
>The proposed cyber-security Network Operations Center is included in a
>draft of The National Strategy to Secure Cyberspace, which was
>developed by the president's Critical Infrastructure Protection Board
>with input from the private sector and is due to be released Sept. 18.
>
>The call for expanded data collection and analysis results from
>administration concerns that efforts to secure cyber-space are
>hampered by the lack of a single point of data collection to detect
>cyber-security incidents and issue rapid warnings, according to the
>draft strategy, obtained by eWEEK. Critics, however, worry that such a
>system would be expensive and difficult to manage, and would allow
>government agencies to expand their surveillance powers.
>
>Other recommendations include restricting the use of wireless
>technologies by government agencies; requiring corporations to
>disclose their IT security practices; establishing a "test bed" for
>multivendor patches; creating a certification program for security
>personnel; and mandating certifications for all federal IT purchases.
>
>Howard Schmidt, vice chairman of the PCIPB, said that the center would
>consolidate threat data from the country's collection end points, such
>as the FBI's National Infrastructure Protection Center, the Critical
>Infrastructure Assurance Office, the Department of Energy and
>commercial networks. Private companies would be encouraged to increase
>the amount of data collected and share it with the government.
>
>"Major companies generally report this information internally,"
>Schmidt told eWEEK. "We're looking for that to come back to a central
>location."
>
>According to the draft strategy, the public/private initiative would
>involve the major ISPs, hardware and software vendors, IT security
>companies, and Computer Emergency Response Teams, in addition to law
>enforcement and other agencies.
>
>Some feel that the government's internecine rivalries and
>information-sharing rules will hamstring any attempt at centralized
>collection and analysis.
>
>"There are such high barriers in government to being able to
>disseminate information and adjusting the environment to react to
>threats, I don't think it will have much impact," said William Harrod,
>director of investigative response at TruSecure Corp. in Herndon, Va.,
>and a former FBI computer forensic specialist. "They'll have different
>information coming in from different analysts, and they'll have to
>weed through it."
>
>The proposed strategy recommends that the center be partially
>federally funded, but it would inevitably impose new costs on the
>private sector without commensurate benefits, critics charged.
>
>"Government doesn't have a good track record when it comes to
>collecting and disseminating massive volumes of data," said Kevin
>Baradet, network systems director at Cornell University's Johnson
>Graduate School of Management in Ithaca, N.Y. "We could be drowning in
>data, most of it noise."
>
>Then there are the privacy concerns.
>
>"Whatever the federal government wants to do with its own data is OK
>with me as long as it doesn't waste my personal and corporate tax
>dollars," said Karl Keller, president of custom software developer IS
>Power Inc., in Thousand Oaks, Calif. "The privacy aspects, however,
>concern me greatly. This sounds like a dramatic and evil expansion of
>Echelon and Carnivore."
>
>The strategy also calls on the FBI, Secret Service and Federal Trade
>Commission to establish a single system for corporations to report
>Internet fraud and extortion, illegal hacking, and unauthorized
>network intrusions. It recommends that the federal government
>systematically collect data on cybercrime victims and cyber-intrusions
>from businesses. The administration hopes to assuage industry fears by
>recommending legislative changes--including exemptions from Freedom of
>Information Act requirements and exemption from antitrust laws--that
>would reduce liability for companies turning over communications to
>law enforcement.




More information about the NANOG mailing list