War, Recession Highlight Need for Net Security

[InfoSec News <isn () c4i org>]

http://www.pcworld.com/news/article/0,aid,63303,00.asp

Carolyn Duffy Marsan, Network World
Monday, September 24, 2001

As the nation gets hit by the double-whammy of a war and a recession,
the need to improve Internet security is more critical than ever,
according to government and industry leaders speaking at a panel held
Friday on Capitol Hill.

Senator Bob Bennett (R-Utah), a champion of high-tech causes, says the
September 11 terrorist attacks plunged the United States into both a
war and a recession. He says Internet security is required to protect
precious information resources, such as the Federal Reserve Bank's
Fedwire fund transfer system, from cyberterrorism. He says Internet
security also is important in terms of improving productivity across
the U.S. economy.

"It is still vitally important that we pay attention to how well we
are doing in Internet security," Bennett says. "Someone who wishes to
could do us great damage."

Terrorism on the Net

Bennett says the U.S. has a leadership role to play in Internet
security, much as it has a leadership role to play in protecting the
world against terrorism. The U.S. war on terrorism will be fought over
the Internet, economically, and diplomatically as much as it will be
fought militarily, he predicts.

"How vital it is that all systems of the economy work well, and that
the Internet systems work well," he adds.

Bill Conner, president and CEO of Internet security software vendor
Entrust Technologies, concurs about the importance of protecting the
Internet as a critical communications infrastructure.

"There was a 911 call last week that I think went out to the Internet
and to Internet security," Conner says, referring to the terrorist
attacks in New York and Washington, D.C.

Conner says today's widely deployed technologies for Internet
security--firewalls, virus scanning and secure socket layer
transactions--aren't sufficient. Instead, he says Internet security
must be enhanced to protect the content of communications as well as
ensuring the identity of the people involved in the transaction.

Safe Communication

Specifically, Conner said an enhanced Internet security system would
provide:

* Identification of the parties at either end of the communication.

* Entitlements to control the access users get to information.

* Verification of transactions.

* Privacy to ensure that sensitive information is protected.

* Security management to administer security across applications and
  platforms.

"These are the requirements in a post-911 era," Conner says. "Anything
less than that can be compromised."

Conner recommends the federal government do a better job of
coordinating how it rolls out enhanced security services across its
many agencies. And he urges Congress to increase the resources devoted
to Internet security, pointing out that the Office of Management and
Budget has only two and a half people dedicated to monitoring Internet
security across the government.

Regarding encryption, Conner urges Congress not to control the
availability of encryption software or to build back doors into it.
"If we try to legislate or regulate encryption, it will become a
bullet used against us," Conner warns.

Government Eyes Privacy, Security Daniel Chenok, branch chief for
information policy and technology at the Office of Management and
Budget, says security and privacy underpin all of the federal
government's e-government initiatives. These initiatives are focused
on reforming how the government does business with consumers,
businesses, and other government agencies by taking advantage of the
efficiencies of Internet communications.

Regarding Internet security, Chenok says. "Clearly there has to be a
partnership between government and the private sector."

While Chenok offered no specifics, he says the federal government's
Internet security strategy may change in light of the September 11
attacks. "Clearly, at very senior levels all of these issues are being
reviewed and a number of decisions and actions on that will be taken,"
Chenok says.

The Internet Security panel was sponsored by the Business Software
Alliance, a public policy group that represents 18 software vendors
including Entrust, IBM, Microsoft and Novell.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.