WASHINGTON-With fresh indications last week that government and industry information systems remain highly vulnerable to cyber attacks, the Bush administration faces added pressure as it completes its review of the nation’s critical infrastructure protection policy and crafts one of its own.
From all indications, the White House has its work cut out for it.
A new General Accounting Office report concludes cyber security weakness continue to place critical federal operations and assets at risk. Such vulnerability, according to GAO, includes putting confidential personal data and military operations in harms way.
“Government officials are increasingly concerned about attacks from individuals and groups with malicious intent, such as crime, terrorism, foreign intelligence gathering and acts of war,” stated GAO, Congress investigative arm, in a report released at a House Commerce subcommittee hearing last Thursday.
“According to the FBI,” GAO said, “terrorists, transnational criminals and intelligence services are quickly becoming aware of and using information exploitation tools such as computer viruses, Trojan horses, worms, logic bombs and eavesdropping sniffers that can destroy, intercept or degrade the integrity of and deny access to data. As greater amounts of money are transferred through computer systems, as more sensitive economic and commercial information is exchanged electronically, and as the nation’s defense and intelligence communities increasingly rely on commercially viable information technology, the likelihood that information attacks will threaten vital national interests increases. The disgruntled organization insider is a significant threat, since such individuals often have knowledge that allows them to gain unrestricted access and inflict damage or steal assets without a great deal of knowledge about computer intrusions.”
The security of information systems has immense implications for the wireless telecom industry, especially as wireless telecom systems become an increasingly important component of the nation’s information infrastructure. Moreover, for wireless carriers themselves, the challenge of cyber security will become even greater in coming years as wireless and Internet technologies are integrated into handheld mobile devices.
At an industry conference recently, National Security Adviser Condoleeza Rice stated, “The president himself is on record as stating that infrastructure protection is important to our economy and to our national security and therefore it will be a priority for this administration.”
Though former President Clinton-through a May 1998 directive-is responsible for focussing high-level attention on cyber security, House Commerce Committee Chairman Billy Tauzin (R-La.) hammered the previous administration for not implementing the policy.
“The Clinton administration talked a great deal about cyber-security and critical infrastructure protection over the past several years, holding presidential summits and issuing presidential directives,” said Tauzin. “The administration said the federal government would serve as a model of good practices for the private sector-which controls much of our nation’s critical infrastructure-to follow. But, despite all the rhetoric, photo ops and paper exercises, the bad news continues to roll in, with each GAO review, with each inspector general audit, with each congressional oversight hearing, with each day’s newspapers and with each real-world test of the government’s computer security-no matter how recent.”
The Commerce subcommittee on oversight and investigations is looking into the circumstances surrounding Clinton’s selection of members to the National Infrastructure Assurance Council. In addition, the panel is looking into why Clinton did not submit a final cyber security report-as required by law-before he left office in January.
To address cyber security problems, there has been a push for information sharing and cooperation among high-tech firms. High-tech companies have been less comfortable working with federal law enforcement on cyber security, however.
