Cybersecurity chief says he doesn't want to change crypto rules -- yet (fwd)

Jim Choate ravage at einstein.ssz.com
Fri Nov 30 16:14:01 PST 2001 


---------- Forwarded message ----------
Date: Fri, 30 Nov 2001 10:47:23 -0500
From: "R. A. Hettinga" <rah at shipwright.com>
To: cryptography at wasabisystems.com,
    Digital Bearer Settlement List <dbs at philodox.com>, dcsb at ai.mit.edu
Subject: Cybersecurity chief says he doesn't want to change crypto rules -- yet

http://www.govexec.com/news/index.cfm?mode=report&articleid=21712&printerfriendlyVers=1&


  Daily Briefing  

November 26, 2001

Cybersecurity chief pushes early-warning system

By Bara Vaida, National Journal's Technology Daily

The top priorities for the White House Office of Cyberspace Security
include the creation of both an early-warning network for cyberattacks and
an analysis center that would help the government target the most
vulnerable points in the nation's critical infrastructure, the office's
chief said last week in an interview with National Journal's Technology
Daily.

Richard Clarke, special adviser on cyberspace security to President Bush,
said the early-warning network, called the Cyber Warning and Information
Network (CWIN), would at first be a voice system that would link major
computer-network operation centers and the information-sharing and
assurance centers (ISACs) that represent critical infrastructure sectors,
such as financial services, telecommunications and transportation.

CWIN would be modeled after the existing National Operations and
Intelligence Watch Offices Network, which connects senior officials at the
Pentagon, the National Security Agency, the White House, the State
Department and the CIA by phone within 15 seconds.

"Let's say someone [in the private sector] sees 'Nimda' [a computer virus]
spiking," Clarke said in describing how CWIN would work. "They can pick up
the phone and get most of the people that need to know right away.

"This is a case where the government doesn't know best or first," he added.
"So you need a public-private partnership to reach out to these nodes in
the private sector ...that see viruses first, that see the tsunamis of
denial-of-service attacks first."

Clarke also is working on building the National Infrastructure Simulation
and Analysis Center authorized under the section 1016 of the anti-terrorism
law that Bush signed into law last month. The center was authorized to
receive $20 million through the Defense Department and would create a
simulated model of the Internet, the nation's telecom system and its
physical infrastructure. The goal is to enhance understanding of how the
systems interact and to mitigate vulnerabilities.

"There really is no place today where there is a live model of the
Internet, and we want to model the interactions and interdependencies
between the Internet, the telephone networks, the electric power grid,"
Clarke said. "The way I describe it is [that] we need an 'acupuncture map'
of the U.S. You know, where are the pressure points?"

Developing a model also may help Clarke to articulate his message that
private-sector companies need to analyze their computer-security
vulnerabilities.

"The lesson I'm trying to get out to people ... is that we need to
understand what the worst-case scenario is and then do prudent risk
management so that you mitigate those possibilities," he said.

In addition, Clarke said Bush supports legislation by Sen. Robert Bennett,
R-Utah, that would exempt businesses from the Freedom of Information Act
(FOIA) when they share computer-security information with the government.
Clarke said he has talked to lawmakers on the issue.

On encryption, Clarke said he has no plans to change current U.S. policy,
though some people on the Hill wanted to reopen the issue after the Sept.
11 terrorist attacks.




Brought to you by GovExec.com
-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cypherpunks-legacy mailing list