[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] mehr zu Homeland Security und Cyber-Sicherheitsgesetzen
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
http://news.com.com/2100-1023-942686.html
Homeland defense focus shifts to tech
By Declan McCullagh Staff Writer, CNET News.com July 10, 2002, 4:00 AM
PT
WASHINGTON--Computer security is becoming an increasingly critical part
of President Bush's proposal for a homeland defense department.
When Bush formally proposed the department last month, he predicted that
the future agency would aid in investigating Al Qaeda and thwarting
disasters similar to those of Sept. 11. In the televised address, he
never mentioned the Internet or so-called cybersecurity.
But as Capitol Hill scrutinizes the proposal, politicians are fretting
about tech-savvy terrorists--and insisting any new agency must shield
the United States from electronic attacks as well.
"If we don't make sure the Homeland Security Department is prepared in
this area of cybersecurity, we have failed in our duty," House Energy
and Commerce Chairman Billy Tauzin, R-La., said Tuesday.
At Bush's urging, House Republicans have asked committees for any
suggested changes to the White House-backed bill by the end of the week,
and at least four committee votes are scheduled for Wednesday. On
Thursday, a special panel chaired by House Majority Leader Dick Armey,
R-Texas, will hold its first meeting to work out a final version of the
plan.
Until this week, Congress has focused on how the proposal would combine
22 agencies, including the Secret Service, the Coast Guard and the
Federal Emergency Management Agency, into a massive Department of
Homeland Security.
Also included in the bill, and discussed at length in a pair of hearings
Tuesday, are equally radical changes for the U.S. government's Internet
defenses. The plan would glue together nearly all computer protection
functions, from the Commerce Department's Critical Infrastructure
Assurance Office to the Computer Security Division of the National
Institute of Standards and Technology to the Federal Computer Incident
Response Center.
The complex reshuffling of bureaucracies, including twists such as the
proposed department's half-acquisition of the FBI's National
Infrastructure Protection Center, has prompted some politicians to ask
for more time to examine the plan. Privacy groups also have raised
concerns about database sharing and have suggested that the department
be subject to traditional open-records laws.
The House Science committee, for instance, plans to propose an amendment
that would add an "Undersecretary for Science and Technology" to the
department. Currently there are five proposed undersecretaries, a deputy
secretary and allowance for "not more than six assistant secretaries."
>From Washington's perspective, the concept of cybersecurity remains
somewhat murky and marked by exaggeration. Last year, the head of the
Defense Intelligence Agency told Congress that Fidel Castro could be
planning a "cyberattack" on the United States, and White House
cybersecurity czar Richard Clarke has spent years predicting an
"electronic Pearl Harbor."
Tech's double-edged sword Nearly everyone agrees that any
electronic-defense plan should anticipate attacks against both
government agencies and important systems owned by private companies.
"In the information age, the same technological capabilities that have
enabled us to succeed can now also be turned against us," John Tritak,
the head of the Critical Infrastructure office, said Tuesday. "Powerful
computing systems can be hijacked and used to launch attacks that can
disrupt operations of critical services that support public safety and
daily economic processes."
President Clinton created Tritak's group by executive order in 1998.
Since then, it's spent much of the time working with American businesses
to beef up security.
But Tuesday, some politicians questioned whether that approach is
working--and whether new laws and regulations are needed to bring
executives to heel. Such requirements could include everything from
design standards for backup power supplies to security rules for Web
servers.
"Do you believe that efforts to regulate security across the private
sector are warranted and are even likely to be effective?" asked Rep.
James Greenwood, R-Pa., who chairs the Judiciary subcommittee.
"I'd like to think we made some headway in reaching out to industry,"
Tritak replied.
James McDonnell, the director of the Energy Department's security
program, answered by saying he did not think new security laws were
necessary, at least not yet.
"If we go forward with our vulnerability assessments and find that
industry (is) not using these or (is) not taking care of their assets,
then maybe we need to revisit what regulations are required," McDonnell
said.
Rep. Bart Stupak, D-Mich., said he was tired of hearing excuses for poor
performance by federal IT officials and wondered whether the massive
proposed reorganization could exacerbate the situation.
"None of the computers seem to be compatible in the federal government,"
Stupak said. "Every time we spend billions of dollars to upgrade a
computer, it doesn't seem to work and we have to start all over
again...Are we going to have another layer of computers that don't talk
to each other while cybersecurity is endangered?
"It seems like there's more of a turf war; we won't trust this person
with this information, or it's our information and won't go further. I
don't think it's all just computer-related problems or security-related
problems but leadership problems."
A report that congressional auditors published last year said that
instead of becoming a highly sensitive nerve center that responds to
computer intrusions, the FBI's National Infrastructure Protection Center
(NIPC) had turned into a federal backwater that was surprisingly
ineffective in pursing malicious hackers or devising a plan to protect
electronic infrastructure. It highlighted the NIPC's turf wars and
concluded: "This situation may be impeding the NIPC's ability to carry
out its mission."
David Sobel, general counsel of the Electronic Privacy Information
Center, said Tuesday that the proposed department should not be
completely immune to requests made under the Freedom of Information Act.
Private companies have said they need such an exemption to be sure that
sensitive information they provide not be disclosed.
"Any claimed private sector reluctance to share important data with the
government grows out of, at best, a misperception of current law," Sobel
said. "Exemption proponents have not cited a single instance in which a
federal agency has disclosed voluntarily submitted data against the
express wishes of an industry submitter."
---------------------------------------------------------------
Liste verlassen:
Mail an infowar -
de-request -!
- infopeace -
de mit "unsubscribe" im Text.