[infowar.de] FOIA exemptions for cybersecurity information sharing, background

Something for the political scientists: interesting details on the bureaucratic
processes on Capitol Hill, in which the easing of information sharing between
IT companies within the ISACs and other cyber-security institutions is
currently being tossed back and forth.

Cyber-Terrorism Fears Stoke Industry-Govt. Cooperation
By Brian Krebs, Newsbytes, 10/19/2001
Private industry and the federal government for years have been aware of
the need to beef up information sharing on cyber-vulnerabilities to help
ward off potential terrorist attacks on the nation's most vital computer
systems. Yet, it has taken the events of Sept. 11 to really place the
issue on the front burner, according to leaders from both sectors.
"There has always been an awareness that national security is a very big
business concern," said John Tritak, head of the Bush administration's
point agency for fostering cooperation between the public and private
sector. "The urgency has not changed, but the appreciation that there's
an urgency has."
Ron Dick, director of the FBI's computer crime division, said the agency
now conducts multiple daily briefings with industry groups representing
the power, water and financial services industries to swap data on
possible points of cyber-attack.
The increased cooperation comes as the FBI warns that terrorists could
soon target vulnerabilities in systems that regulate the nation's most
critical infrastructures, such as the national power grid and the
Sen. Robert Bennett, R-Utah, said the next physical terrorist attack on
U.S. targets will likely be accompanied by a simultaneous attack on
computer systems used to coordinate an emergency response.
"Realize how the two can be tied together to produce the maximum terror
and fear, so that not only has something very spectacular blown up, but
we can't do anything about it because our computers are shut down,"
Bennett said today at a conference sponsored by the Center for Strategic
and International Studies.
While both sides cheer the relatively nascent cooperative efforts,
Congress and industry have determined that the data sharing will go only
so far without legal guarantees giving companies a limited exemption
from antitrust scrutiny for sharing cyber-attack information.
Corporations also want to limit information that may be obtained by the
press or public through the Freedom of Information Act.
Bennett and Sen. Jon Kyl, R-Ariz., recently introduced legislation to
enact such protections. Reps. Tom Davis, R-Va., and James Moran, D-Va.,
have proposed a similar measure in the House.
Bennett, who played a key role in drafting similar legislation in
preparation for the Y2K conversion, said the response to his legislation
from both industry and fellow lawmakers has been overwhelmingly
So far, however, intense internecine squabbling among various Senate
committee chairmen with jurisdiction over the measure typifies the sort
of stovepiping that has stymied stronger interagency cooperation on
cyber-security issues to date, Bennett said.
"Everybody likes my bill, but we can't find a home for it. They say hell
hath no fury like a congressional chairman whose jurisdiction is
challenged," he said.
"Various chairmen of the various committees say, 'Yes, this is an
important problem, and I will handle it.' Every one of them is willing
to take on the issue, but not one is willing to give up jurisdiction to
anyone else," Bennett said. "At the moment, (Senate Majority Leader Tom)
Daschle is struggling with how he can deal with the various maharajas
who preside over these committees."
Bennett's bill would encourage industry sectors to share data on
computer intrusions and network vulnerability with the government, which
would in turn compare the information with data gleaned from other
sectors and provide industry with a meta-analysis of the data.
Bennett said he was engaged in ongoing discussions with the new chairman
of the Securities and Exchange Commission to see if the SEC might be
amenable to issuing a rulemaking that would require companies to detail
their information security measures in their quarterly SEC filing, in
much the same way companies were required to list their Y2K remediation
efforts leading up to the date change.
"If you adopt a fail-and-fix notion with respect to cyber-terrorism,
you're going to have much higher costs than if you address the issue up
front," Bennett said. "If we can get the SEC and other agencies to get
people to understand that, we will go a long way toward getting the
advantages that come out of remediation activities."
But Harris Miller, president of the Information Technology Association
of America, said the federal government must first do a better job of
coordinating action among its own agency heads accountable for computer
"The alphabet soup of government agencies charged with some aspect of
computer crime prevention makes it easy to see why progress has been
slow," Miller said.
Miller's comments were reinforced by a General Accounting Office (GAO)
report issued today, which found the number one obstacle to greater
information sharing among federal organizations was settling on a common
approach for sharing such data.
Last week, the Bush administration signed an executive order to
establish a critical infrastructure protection board, to be staffed by
the major agency chief information officers. Those agency chiefs would
in turn answer to longtime national security aide Richard Clarke, tapped
earlier this month to be the government's information security czar.
Yet Miller said most federal CIOs he has talked to privately concede
they are in desperate need of funding to update the computer equipment
needed to carry out their new responsibilities. In fact, the GAO report
cites a general lack of adequate funding as the second biggest obstacle
to increased inter-agency cooperation.
Miller suggested the government invest at least $10 billion in federal
spending, grants and loans to get the job done.
"Simply saying that this is important is not the same as providing the
resources to get the job done," he said.