>Here's Big brother...now we're all going to be spies on our fellow citizens. > >http://www.eweek.com/article2/0,3959,481112,00.asp > >August 23, 2002 >By Caron Carlson and Dennis Fisher > >In an effort to bolster the nation's cyber-security, the Bush >administration has plans to create a centralized facility for >collecting and examining security-related e-mail and data and will >push private network operators to expand their own data gathering, >according to an unreleased draft of the plan. > >The proposed cyber-security Network Operations Center is included in a >draft of The National Strategy to Secure Cyberspace, which was >developed by the president's Critical Infrastructure Protection Board >with input from the private sector and is due to be released Sept. 18. > >The call for expanded data collection and analysis results from >administration concerns that efforts to secure cyber-space are >hampered by the lack of a single point of data collection to detect >cyber-security incidents and issue rapid warnings, according to the >draft strategy, obtained by eWEEK. Critics, however, worry that such a >system would be expensive and difficult to manage, and would allow >government agencies to expand their surveillance powers. > >Other recommendations include restricting the use of wireless >technologies by government agencies; requiring corporations to >disclose their IT security practices; establishing a "test bed" for >multivendor patches; creating a certification program for security >personnel; and mandating certifications for all federal IT purchases. > >Howard Schmidt, vice chairman of the PCIPB, said that the center would >consolidate threat data from the country's collection end points, such >as the FBI's National Infrastructure Protection Center, the Critical >Infrastructure Assurance Office, the Department of Energy and >commercial networks. Private companies would be encouraged to increase >the amount of data collected and share it with the government. > >"Major companies generally report this information internally," >Schmidt told eWEEK. "We're looking for that to come back to a central >location." > >According to the draft strategy, the public/private initiative would >involve the major ISPs, hardware and software vendors, IT security >companies, and Computer Emergency Response Teams, in addition to law >enforcement and other agencies. > >Some feel that the government's internecine rivalries and >information-sharing rules will hamstring any attempt at centralized >collection and analysis. > >"There are such high barriers in government to being able to >disseminate information and adjusting the environment to react to >threats, I don't think it will have much impact," said William Harrod, >director of investigative response at TruSecure Corp. in Herndon, Va., >and a former FBI computer forensic specialist. "They'll have different >information coming in from different analysts, and they'll have to >weed through it." > >The proposed strategy recommends that the center be partially >federally funded, but it would inevitably impose new costs on the >private sector without commensurate benefits, critics charged. > >"Government doesn't have a good track record when it comes to >collecting and disseminating massive volumes of data," said Kevin >Baradet, network systems director at Cornell University's Johnson >Graduate School of Management in Ithaca, N.Y. "We could be drowning in >data, most of it noise." > >Then there are the privacy concerns. > >"Whatever the federal government wants to do with its own data is OK >with me as long as it doesn't waste my personal and corporate tax >dollars," said Karl Keller, president of custom software developer IS >Power Inc., in Thousand Oaks, Calif. "The privacy aspects, however, >concern me greatly. This sounds like a dramatic and evil expansion of >Echelon and Carnivore." > >The strategy also calls on the FBI, Secret Service and Federal Trade >Commission to establish a single system for corporations to report >Internet fraud and extortion, illegal hacking, and unauthorized >network intrusions. It recommends that the federal government >systematically collect data on cybercrime victims and cyber-intrusions >from businesses. The administration hopes to assuage industry fears by >recommending legislative changes--including exemptions from Freedom of >Information Act requirements and exemption from antitrust laws--that >would reduce liability for companies turning over communications to >law enforcement.
