from: http://www.aci.net/kalliste/ Click Here: <A HREF="http://www.aci.net/kalliste/">The Home Page of J. Orlin Grabbe</A> ----- The Protection Racket Cybercrime Early Warning: Another Government Ripoff First, put malicious retards in charge of security . . . The government's own computer systems may be derailing an effort between public agencies and private companies to create an early warning system for cyber attacks, the government's chief cyber-security man believes. Since 1998, a skittish private industry and the federal government have been working together to create a gigantic database of every hacking or computer hijacking incident, from the Love Bug viruses to small incidents that the public rarely hears about. By 2003, they hoped a constantly updated tool to combat, fight and forecast cyber attacks would emerge. Aside from the usual pitfalls of a private/public endeavor, the project has been moving along smoothly. But last week, GAO director Joel C. Willemssen, director of civil agencies information systems, told a congressional committee that security for the government computers where the info would be stored is so bad it may be driving away private business. Why trust the government? Why would a business trust sensitive information with a government in which 22 of its largest agencies suffer from some form of computer security problems, including poor controls over access to sensitive data?, he testified. Some agency managers are getting "overly broad" access privileges to very large user groups, and some users' shared accounts and passwords are posted in plain view, Willemssen said. The problems seem to be a "poor security management program" including testing systems for security flaws, he says. "To truly engage the private sector, the federal government needs to be a model for computer security. Currently, the federal government is not a model," he testified. Bruce Shier, chief technology officer of Counterpane Internet Security Inc. in San Jose, Calif., says private businesses are well aware that historically the government hasn't done well protecting its own secrets. "When you share your information you have to ask, can you protect it? They are asking for critical information about vulnerabilities. Or security events that aren't made public by company, but you don't want it out. Suddenly it's all over the world," he said. "A large collection of secret information is, by definition, a target." Project derailed as momentum builds The problem threatens to derail the effort just as it is beginning to pick up momentum. President Clinton hatched the idea in 1998. Since 1999, several industries have begun setting up information sharing networks. These Information Sharing and Analysis Centers (ISACs) will make up the early warning database. The first sector to have an ISAC was the financial industry, which has had one since 1999. In June, the Information Technology Association of America will be organizing an ISAC as well. Dan Woolley, the president of Global Integrity Inc. is familiar with both ISACs. He says the information is run through an "anonymyzer," a program that strips the information of any material identifying its source. Then it's either stored or disseminated, depending on the urgency. Bill to protect private information While the government tackles the problem of illegal information gathering, a bill in Congress is trying to take care of another industry concern: the legal release of information to the public. The bill is essentially a change in the Freedom of Information Act, which governs what information public entities must make available to the public. The bill would make anything in an ISAC exempt from public FOIA requests. It would also bar federal or state agencies from using the information to sue in civil court and let President Clinton hire non-government agencies to talk about the government's cyber security. Upside Today (www.upside.com), July 11, 2000 <A HREF="http://www.ctrl.org/">www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance—not soap-boxing—please! These are sordid matters and 'conspiracy theory'—with its many half-truths, mis- directions and outright frauds—is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html">Archives of [EMAIL PROTECTED]</A> http:[EMAIL PROTECTED]/ <A HREF="http:[EMAIL PROTECTED]/">ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om