Friday, June 28, 2002

Government Unprepared on Cybersecurity?. From CIO magazine: A new survey conducted by the Business Software Alliance has found that almost half of all IT professionals believe that the government will be hit by a major cyber attack some time in the next year. Wait, it gets worse. One third of those who believe that a cyber attack is on the way also believe that such an attack is extremely likely, and almost three quarters think the government is unprepared. I'm not sure how much I trust a survey done by BSA.  Seems like the results are pretty self serving.  What's even more ironic is that Microsoft is at the same time the largest supporter of BSA and the largest cause of security problems in government or out! States will probably beat the Feds to security for several reasons: Most state governments are much smaller than even small federal agencies.  Utah, for example, employs just 22,000 people.  Comment: This also means that states are much smaller targets and do not have such a broad array of professional hackers, potential terrorists and nation-sponsored cyber-warfare specialists targeting them.  If they did, we would certainly have much bigger problems.  Certainly, there are pockets in the Federal government that are much further progressed than any of the states in addressing this issue. The Feds are "assisting us" with requirements like HIPPA that give us a monetary interest in security.  HIPPA will set a minimum security standard for the entire network.   Comment: Certainly helps to apply some pressure with the legal requirement as well. Some states (like Utah) have a statewide network with controlled access points to the Internet.  Having one group managing security for the entire network greatly increases the chances of doing effective intrusion detection, profiling, etc.  Comment: Now we need to move to create a consolidated security team at the enterprise level. I'm much more concerned about what is being done to protect "non-IT" assets from cybersecurity threats than the standard computer attack.  Many critical systems have embedded computer systems, but no IT oversight.  Until business managers (in government and out) start treating IT professionals as partners who can make important contributions to the business as a whole, we'll continue to be vulnerable.  [Windley's Enterprise Computing Weblog] 1:28:59 PM

FS-ISAC The FBI is coordinating with the financial services sector to create a new information sharing and analysis center (ISAC).  It seems to me that the ISAC initiative duplicates Infragard to some degree except that it is more sector specific.  This site contains a Flash video that tells what ISACs are all about. The FBI has finally assigned a replacement for Craig Phillippe in Salt Lake City.  Craig was the FBI's point man for Infragard in this area, but has been quite distracted due to Olympic and other assignments.  Now he has been moved to Washington, DC.  Bonnie Hung of the Idaho National Engineering Lab (INEL) is the temporary president of the Infragard of the Wasatch.  I am the only remaining trustee from the original board.  I plan to meet with Bonnie and Cheney soon to get things going again. 10:54:58 AM

© Copyright 2002 David Fletcher.