Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[infowar.de] mehr zu Clarke's Plänen ("Cyber Warning Information Network" etc.)



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
Es folgen zwei Artikel. RB


http://www.govexec.com/dailyfed/1101/112601td2.htm
November 26, 2001 

Cybersecurity chief pushes early-warning system 
Bara Vaida, National Journal's Technology Daily 

The top priorities for the White House Office of Cyberspace Security
include the creation of both an early-warning network for cyberattacks
and an analysis center that would help the government target the most
vulnerable points in the nation's critical infrastructure, the office's
chief said last week in an interview with National Journal's Technology
Daily. 

Richard Clarke, special adviser on cyberspace security to President
Bush, said the early-warning network, called the Cyber Warning and
Information Network (CWIN), would at first be a voice system that would
link major computer-network operation centers and the
information-sharing and assurance centers (ISACs) that represent
critical infrastructure sectors, such as financial services,
telecommunications and transportation.

CWIN would be modeled after the existing National Operations and
Intelligence Watch Offices Network, which connects senior officials at
the Pentagon, the National Security Agency, the White House, the State
Department and the CIA by phone within 15 seconds.

"Let's say someone [in the private sector] sees 'Nimda' [a computer
virus] spiking," Clarke said in describing how CWIN would work. "They
can pick up the phone and get most of the people that need to know right
away.

"This is a case where the government doesn't know best or first," he
added. "So you need a public-private partnership to reach out to these
nodes in the private sector ...that see viruses first, that see the
tsunamis of denial-of-service attacks first."

Clarke also is working on building the National Infrastructure
Simulation and Analysis Center authorized under the section 1016 of the
anti-terrorism law that Bush signed into law last month. The center was
authorized to receive $20 million through the Defense Department and
would create a simulated model of the Internet, the nation's telecom
system and its physical infrastructure. The goal is to enhance
understanding of how the systems interact and to mitigate
vulnerabilities.

"There really is no place today where there is a live model of the
Internet, and we want to model the interactions and interdependencies
between the Internet, the telephone networks, the electric power grid,"
Clarke said. "The way I describe it is [that] we need an 'acupuncture
map' of the U.S. You know, where are the pressure points?" 

Developing a model also may help Clarke to articulate his message that
private-sector companies need to analyze their computer-security
vulnerabilities. 

"The lesson I'm trying to get out to people ... is that we need to
understand what the worst-case scenario is and then do prudent risk
management so that you mitigate those possibilities," he said.

In addition, Clarke said Bush supports legislation by Sen. Robert
Bennett, R-Utah, that would exempt businesses from the Freedom of
Information Act (FOIA) when they share computer-security information
with the government. Clarke said he has talked to lawmakers on the
issue.

On encryption, Clarke said he has no plans to change current U.S.
policy, though some people on the Hill wanted to reopen the issue after
the Sept. 11 terrorist attacks. 

-----------------------------

http://www.govexec.com/dailyfed/1101/112601td1.htm
November 26, 2001 

White House resurrects plan to track computer break-ins 
By Bara Vaida, National Journal's Technology Daily 

White House cybersecurity adviser Richard Clarke would like to revive a
plan for tracking patterns of computer activity and attempted intrusions
at all government agencies, though the plan has been controversial in
the past. 

The plan, called the Federal Intrusion Detection Network (FIDNet), was
proposed under the Clinton administration in 1999 but dropped after a
firestorm of criticism from civil liberties groups. In an interview with
National Journal's Technology Daily at his office last week, Clarke said
the Defense Department is the only agency that has implemented the
FIDNet concept, and he would like to extend the program to civilian
agencies. 

"It's not among my top five priorities, but I do think it is something
we need to do," said Clarke, who developed the plan when he was at the
National Security Council under the Clinton administration. "[I]n the
absence of knowing what the patterns are across departments, we are
somewhat in the blind about understanding the threat" of cyberattack.

Clarke, now a part of the Bush administration, defended FIDNet as being
misunderstood by the civil liberties groups that attacked it.

"The critics of [FIDNet] defined it on their own without any
relationship of the definition we gave it and then attacked it. And if
it were what they said it was, I'd have attacked it, too," he said. "It
was a rather simple concept, which the Defense Department has already
implemented, and no one has attacked that."

He explained that FIDNet would compile information gathered by existing
intrusion-detection systems in every agency into one database. That
information then could be analyzed to determine patterns on: who is
attacking government agencies based on their Internet protocol
addresses; the time of day the attacks are occurring; the techniques the
attackers are using; the vulnerabilities they are trying to exploit; and
the type of sites they are attacking.

But in the near future, other issues surpass FIDNet in priority, Clarke
said. His top priorities are: developing a national strategy for
cybersecurity; creating a secure, government-wide intranet called
Govnet; developing an emergency priority system for cell phones;
expanding cyber-security education programs; creating a national
infrastructure simulation and analysis center, and creating an
early-warning detection network for cyberattacks.

On Monday, private-sector representatives from each portion of the
nation's critical infrastructure, such as banking, information
technology and energy, are meeting in Washington to help draft the
national strategy for cybersecurity. Clarke said the Bush administration
wants the "stakeholders" in critical infrastructure to write a portion
of the plan to ensure that there is "buy-in" from the private sector.

On Tuesday, the White House Critical Infrastructure Protection Board
(CIPB), which aims to coordinate government wide cyber security and
increase accountability among agencies, will hold its charter meeting.
Mark Forman, associate director for e-government and information
technology at the White House Office of Management and Budget, is a
member of the CIPB and will be tasked with prodding agencies to improve
their computer security, Clarke said.

---------------------------------------------------------------
Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.