[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Pentagon will Ausländer aus sensitiven IT-Bereichen heraushalten
... und stößt damit sogar auf den Widerstand von Richard Clarke, den
Cybersicherheits-Zar der Regierung.
U.S. to Curb Computer Access by Foreigners
By CHARLES PILLER
Los Angeles Times Staff Writer
March 7 2002
Sparked by heightened security concerns since the Sept. 11 terrorist
attacks, the Defense Department has begun laying the groundwork to ban
non-U.S. citizens from a wide range of computer projects.
The planned policy--slated for adoption within 90 days--extends
restrictions on foreign nationals handling secret information to
"sensitive but unclassified positions," which include the swelling
numbers of contract workers who process paychecks, write software,
track supplies and maintain e-mail systems.
The move comes amid a growing awareness of the vulnerability of
government computer systems in an era when software espionage and
malicious hacking have become commonplace.
The Defense Department's proposal, covering a work force that accounts
for one-third of federal civilian employees, would represent the most
sweeping implementation of the government's restrictions on foreign
technology workers. The much-smaller Justice Department instituted
little-noticed restrictions in July, and the Treasury Department has
had a ban on noncitizens working on its communications systems since
Officials said the restrictions are needed to get a handle on the
proliferation of foreign nationals who work on government computer
systems, but the plan has raised concerns that the government is being
xenophobic and shortsighted.
Experts said barring foreign nationals from certain computer projects
opens the prospect that key jobs will go unfilled because of a
shortage of qualified citizens--a situation exacerbated by the
relatively small number of U.S. students who pursue advanced
technology degrees. Costs may also rise sharply as higher-paid U.S.
citizens replace foreign workers.
"You can easily create a critical manpower shortage," said Annalee
Saxenian, a professor of city and regional planning at UC Berkeley who
has studied the effect of immigrants on the technology industry.
"There's probably no company in Silicon Valley that doesn't have from
10% to 40% of their work force who are foreign nationals. . . .
[Defense Department officials may be] boxing themselves into a
situation where they will lose the best talent."
Even Richard A. Clarke, top cyber-security advisor to President Bush,
views the restrictions as a misguided priority.
"Rather than worry about what country somebody was born in, we ought
to focus on the design and the architecture of our information
systems," he said, adding that he supports the use of background
checks, automatic recorders that log keystrokes by programmers and
stricter rules on individuals changing data.
"In general, trying to restrict the [information technology]
professional that we use to American citizens is not going to be an
effective approach," Clarke said. "The United States does not produce
enough American citizens who are IT-security-trained to operate our
Computer Security Is Long-Standing Problem
Analysts long have warned about lax security in government computer
"These [software] systems are wide open," said Ed Yourdon, an
independent expert in technology security policy. "The vast majority
of bad things done on computer systems are done by insiders--not
teenage hackers in Moscow."
Two years ago, the General Accounting Office, the investigative arm of
Congress, studied the use of foreign contractors by federal agencies
working to fix year 2000 software problems. It found foreign nationals
working on 85 contracts for "mission-critical" software. Yet several
of the agencies investigated lacked even rudimentary controls over
The Navy sent software or data associated with 36 mission-critical
systems to a foreign-owned contractor yet "could not readily determine
how the code and data were protected during and after transit to the
contractor facility," the GAO report said.
"In many instances, the [Defense Department] was not aware when some
programming changes were being done by a contractor who used foreign
nationals," said David L. McClure, who led the GAO study.
The Health and Human Services Department used software engineers from
Pakistan, Russia and Ukraine without performing background checks.
Similar lapses were found in the departments of Energy, Agriculture
and State, as well as NASA and other federal agencies. None of those
agencies is considering new restrictions in the use of foreign
nationals, although some require regular employees to be citizens.
The Defense Department previously had been developing a system of
security restrictions for foreign nationals working on unclassified
computer operations, but Sept. 11 prompted plans for more restrictive
IT Work Routinely Given to Foreigners
"The IT business has become largely contractual, with programming and
data work being farmed out to areas where there is cheap labor," Pete
Nelson, the Defense Department's deputy director for personnel
security, wrote in an e-mail to The Times. "If this trend does not
simultaneously take into consideration security requirements, there
would be reason for concern. Some foreign nationals--those in the most
sensitive position--may not be permitted to remain."
Nelson said no details of the policy would be made public until it
The Defense Department had no estimate of how many noncitizens it has
as employees or contractors but acknowledged that the shift could
Some major defense technology contractors also said they could not
readily estimate how many of their employees are foreign nationals.
Industry experts believe that thousands of jobs could be involved.
Major technology contractors, such as Science Applications
International Corp. in San Diego and Computer Sciences Corp. in El
Segundo, said they can meet any new Defense Department requirements.
Smaller contractors may have more difficulty doing so.
Indus Corp., a 300-employee technology contractor in Vienna, Va., that
works with the military and other government agencies, fulfills
military contracts without tapping its 40 to 45 employees who are not
U.S. citizens, said Chief Executive Shiv Krishnan.
"In the future, there may be opportunities we can't bid on because of
the dearth of available talent," said Krishnan, who came to the U.S.
from India to study and gained American citizenship 12 years ago.
Dan Kuehl, a professor of cyber-security at the National Defense
University in Washington, said any move to restrict unclassified tasks
to U.S. citizens could create a logistical nightmare.
Despite the high-tech recession, the country faces chronic shortages
of professionals who can manage the complex computer systems,
databases and networks prevalent in government agencies. The high-tech
industry relies heavily on Indian, Chinese and other Asian workers--a
group that long has complained about being unfairly targeted on issues
of U.S. loyalty.
Those shortages prompted Congress to create a special visa program
through the Immigration Act of 1990 known as H-1B, which permitted
more than 163,000 highly skilled foreign workers to take jobs in this
country last year. Many are employed by defense contractors.
A move away from using foreign nationals also could increase
contracting costs--building pressure on managers to make do with fewer
tech professionals, which would itself be a security liability, said
John Pescatore, a security analyst with GartnerGroup Inc.
Relatively few U.S. students are being trained to fill the gap, while
foreign student enrollment in technology programs at U.S. universities
has soared. From 1991 to 2000, 46% of U.S. doctoral degrees in
computer science were awarded to foreign students, the National
Science Foundation said.
"The same security concerns are being expressed about the entire
critical infrastructure"--both government and private, Yourdon said.
"We have foreign nationals working in systems that control electrical
power or move billions of dollars around the financial systems or
control trades on the Nasdaq."
But banning noncitizens from sensitive jobs may offer little assurance
of security, he said. Three of the most damaging espionage cases in
U.S. history--those of the CIA's Aldrich Ames, the FBI's Robert Philip
Hanssen and the Navy's Walker family spy ring--involved U.S. citizens
who were direct employees of the government and had access to
classified computer systems.
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.