Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] CSM: Grand federal plans for cybersecurity falter,
Keine neuen Infos zum Cybersec-Plan in diesem Christian Science 
Monitor-Bericht, aber ein Hauch von Ironie.

from the September 19, 2002 edition -

    Grand federal plans for cybersecurity falter

Task force on computer terrorism drops stiff rules, asks individuals to 
guard their own corners of cyberspace.

By Mark Sappenfield <mailto:sappenfieldm -!
- csps -
 com> | Staff writer of The 
Christian Science Monitor

SAN FRANCISCO - Nearly one year ago, Richard Clarke stood before a 
gathering of Silicon Valley business leaders and told them that unless 
the lessons of Sept. 11 were heeded, the terror of that day would 
someday be repeated on the Internet.

In his first public address as President Bush's adviser on 
cybersecurity, Mr. Clarke issued a stark warning: "We still have a 
system ... that is vulnerable to sophisticated attacks," he said. "If 
done at a time of national security crisis, [they] could lead to 
catastrophic damage to our national defense."

Wednesday, Clarke returned to the Bay Area to announce the 
administration's response to this challenge, but the mood was 
dramatically different. Gone was the Jeremiad of last November, and in 
its place was a plan that one industry analyst derided as "worthless."

As airports ask Congress to delay a Dec. 31 deadline for screening all 
checked luggage and the TIPS program for citizen surveillance is 
trimmed, the cyberplan is a parable of how grand visions of greater 
security can be scaled back by practical limitations and Beltway politics.

With the tech economy already broken, Internet providers balked at added 
burdens, critics say, and a Republican administration frowned on 
creating a new tangle of laws.

The result is a series of well-worn guidelines that, in essence, simply 
ask users to pay more attention. Any sterner attempt to impel more 
accountability industry-wide, say analysts, has vanished.

"The government is telling every individual that it's up to them to 
protect their portion of cyberspace," says Russ Cooper of TruSecure, a 
data security company in Herndon, Va.

Among its nearly 60 suggestions, for example, the National Strategy to 
Secure Cyberspace says people should devise tougher passwords. It asks 
users to get antivirus software. It implores businesses to share 
information about hackers. It encourages government officials to do less 
of their work on wireless networks, which are less secure.

The hope is that the plan will provide the framework for businesses and 
tech companies to increase security on their own. Don't count on it, 
says Bruce Schneier.

"If you're the government, and you want people to do something, you pass 
a law," says Mr. Schneier of Counterpane, an Internet security company 
in Cupertino, Calif. "When push comes to shove, [a CEO] is not going to 
do something that puts [the company] at a competitive disadvantage," 
because it costs money.

"Cajoling only does so much," he says.

Yet cajoling is what Clarke is left with. The plan presented Wednesday 
is not even the final draft. Technology companies can lobby to reshape 
it for another 60 days.

According to sources, the plan has been reshaped a lot already. The 
Associated Press reports that an earlier draft asked Internet providers 
to give customers security software. Mr. Cooper adds that the government 
abandoned an outright ban on using wireless networks after wireless 
companies complained that it made them look bad.

The administration denies that corporations have had any influence in 
fashioning the plan, but critics say it has gradually become more 
friendly to businesses than consumers.

"As time passes, the guidelines get weaker and weaker," says Cooper.

Still, some look at the Internet infrastructure and say it is in 
businesses' best interests to invest.

They say hackers - be they enemy nations or terrorists - could cause 
chaos. Power grids could be shut down. Internet trading on the stock 
markets could be spiked. Entire sections of the e-economy could be upended.

"An attack would not be difficult to launch," says Sushil Jajodia, 
director of the Center for Secure Information Systems at George Mason 
University in Fairfax, Va. "Because the country is so connected to the 
Internet, we now are vulnerable."

Other analysts, though, say the risk of cyberterror is overstated.

Compared with the devastation physical attacks can cause, cyberattacks 
would merely be temporary inconveniences, they say.

"I don't see Al Qaeda sitting in their caves talking about how to crash 
our pager network," says Cooper.

Instead, these critics would rather the government focus on what they 
see as the real threat - economic damage caused by hackers out for an 
Internet joy ride.

Computer security cannot be accomplished through a user's antivirus 
package, they say. It's done by making Internet service providers and 
software companies - either through laws or public pressure - take more 

The Code Red worm, which wriggled its way across the Internet through 
holes in Microsoft software, cost companies more than $2 billion last 
year. Service providers could have shut down the link that fueled the 
virus, some say, and Microsoft - while taking steps to patch gaps in its 
software - could do more, as well.

"Any recommendation where the home user is expected to do much isn't 
going to work," because they can't track all the updates, says Richard 
Smith, an Internet security consultant in Cambridge, Mass. "It's a lot 
easier to get Microsoft to do something."

Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.