Feeds

US cyber-defense on track – report

Govt networks pretty safe nowadays

  • alert
  • submit to reddit

High performance access to file storage

Three years after declaring cyber-defense a national security priority, the United States government has won the trust of a once-skeptical tech industry, fortified security on military networks, and "created effective public-private partnerships" to combat computer attacks, according to a report released last week by the Critical Information Assurance Office (CIAO).

The 200-page report to Congress, Report of the President of the United States on Federal Critical Infrastructure Protection Activities, chronicles the government-wide effort set into motion by Presidential Decision Directive (PDD) 63, the 1998 Clinton memorandum that directed agencies to address vulnerabilities in eight critical infrastructures -- including banking networks, transportation systems, telecommunications, water, and power -- and created the National Infrastructure Protection Center (NIPC) and the CIAO.

The Clinton administration's cyber security efforts were subject to criticism from Congress last year. In June, US Senator Charles Grassley (Republican, Iowa) charged that the FBI-run NIPC responded too slowly to the LoveBug virus. In September, a House subcommittee issued a "report card" rating the cyber-security of 24 federal agencies, giving failing grades to more than a quarter of them, with an overall rating of D-minus.

Congress later mandated a full report on the administration's infrastructure protection work, due 15 January. The White House drew more criticism when it missed that deadline.

The CIAO released the report last Thursday. It provides a comprehensive look at the cyber-security programs and policies federal agencies have implemented, placing particularly strong emphasis on partnerships between the government and the private sector, which controls many of the underlying infrastructures covered by PDD-63.

Topping the list of cyber security achievements, federal agencies were able to "overcome the mistrust between the government and critical industry groups," reads the report.

Despite the government's efforts, "Potential adversaries-be they nation-states, cyber-terrorist groups, criminal organizations, or disgruntled insiders-can easily develop effective cyber-attack capabilities" to disrupt the United States' economic power and national security, the report claims.

"Achievements to date are notable, but there is still work to do. At present, there is no government-wide means for identifying critical system and their vulnerabilities and then fixing them," the report notes. "Economic growth, better government service and efficiency, and a stronger defense are all possible if we all continue to give high priority to securing cyberspace."

Under PDD-63, the CIAO is slated for termination this fall, though President Bush could issue another directive to continue its operations.

© 2001 SecurityFocus.com, all rights reserved.

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.