
Clips July 23, 2002




ARTICLES

Colleges' Network Managers Worry as Company Failures Threaten High-Speed Upgrades
OMB details first level of federal enterprise architecture
Adopt U.S. kids online
Alleged CD patent infringement to be investigated
Military Web sites increase in popularity
U.S. Cyber-Security Efforts Faulted
New tools to fight spam
Privacy Advocates Urge Use of States' Common Laws
Holcomb detailed to Homeland
Fixing a communications breakdown
FBI: Accelerated IT plan not realistic
Lessons learned after Sept. 11
FBI fingers problem system
Cyberterrorism drill set
Davis pushes for baseline security standards in HSD markup
Bush security plan calls for background checks
Are Hacking Defenses Winning the War?
Hollywood heads up anti-piracy charge
Give a geek a hug
Federal IT Systems Vulnerable To Cyberattack, Report Says
Cybersecurity confusion hampers government
China claims 3rd place in world Net usage
Wireless (In)security
Cult sells 'cloning machine' online

********************
Chronicle of Higher Education
Colleges' Network Managers Worry as Company Failures Threaten High-Speed Upgrades
By FLORENCE OLSEN


Colleges' networking experts are watching nervously as financial failures rock the telecommunications industry. The experts say the failures could end up delaying upgrades to high-speed research networks, and that one -- a bankruptcy in Europe -- could cut off high-speed trans-Atlantic Internet service between Abilene, which is the Internet2 backbone in the United States, and its European counterpart, Géant.

How far such financial failures may extend is anybody's guess at this point. "We are tracking this, as you might expect, on an hour-by-hour basis," says Steven Corbato, director of backbone-network infrastructure for Internet2, the consortium of universities and companies that are interested in next-generation networks and applications.

The bankruptcy in Europe involved KPNQwest, which declared bankruptcy this month after failing to secure additional financing for its operations. KPNQwest had provided Internet-backbone service in Europe and had set up two high-speed, trans-Atlantic circuits between Géant and Abilene. Those two circuits, which carry the largest volume of research and education exchanges of any circuits on the Géant network, are still operating normally -- but no one knows for how long.

The circuits will continue working until something malfunctions or until someone cuts off the power, says Dai Davies, general manager of Dante, a nonprofit organization set up to help manage the Géant backbone. Since the bankruptcy, neither KPNQwest nor any other company is maintaining the circuits. "The KPNQwest network in Europe is crumbling away," Mr. Davies says.

As replacements for the two KPNQwest circuits, Dante has ordered three new trans-Atlantic circuits from two separate telecom companies -- Level 3 Communications and Deutsche Telekom. But Mr. Davies says the new circuits won't begin operating until competing carriers make the final connections inside 60 Hudson Street, a building in New York that houses the equipment of more than 100 telecom companies. "It's the lack of cooperation among the telcos today," he says. "They really don't want to connect with one another."

One of the two largest shareholders in KPNQwest is Qwest Communications, whose transcontinental fiber-optic cables underlie the Abilene network. Some university officials say they can only hope that the malaise in the telecommunications sector will not further disrupt the Internet2 project, including Qwest's plans to upgrade Abilene.

"From our perspective, it's business as usual, because [we] don't know what the alternative would be," says Bonnie Neas, assistant vice president for federal-government relations and director of Internet research at North Dakota State University. Universities are even discussing whether to buy distressed telecom assets or underground fiber-optic cable -- an idea that would have been unthinkable a few years or even a few months ago, she says.

"There is certainly a high degree of interest now in potentially acquiring telecom assets for what might be termed pennies on the dollar," says Mr. Corbato, director of Internet2 infrastructure. Even so, the costs of buying and operating underground fiber are daunting, he says.

Officials who administer the Internet2 project acknowledge that these are difficult times in the telecommunications business. Internet2 depends on its corporate partners for membership fees, know-how, and financial contributions. One of those partners, WorldCom Inc., filed for bankruptcy protection on Sunday, setting a record for the nation's largest bankruptcy.

WorldCom provides very high-performance backbone network service -- vBNS+ -- for more than 100 federal-government agencies and for the nation's supercomputer centers. Services for WorldCom's customers are not expected to be disrupted, at least not in the short term, but the supercomputer centers also have connections to Abilene, which networking officials say would help mitigate the loss of vBNS+ service in the unlikely event that it were to occur.

"It's hard to speculate what's going to happen," says Jill Arnold, director of corporate relations for Internet2. But she says that key corporate members from the telecom industry -- Cisco Systems, Juniper Networks, Nortel Networks, and Qwest Communications -- have not wavered in their commitment to Internet2, even though some of those companies have been hit by the downturn in technology spending.

Qwest also is the subject of a formal inquiry by the Securities and Exchange Commission. The agency is investigating the telecom giant's financial accounting for 2000 and 2001.

The Abilene upgrade, which Qwest officials say is on schedule for completion by late summer of next year, will create a backbone that is four times as fast as the current backbone. What researchers will see as a result of the upgrade "is the ability to do much larger applications across greater distances in less time," says John Walker, vice president of government and education solutions for Qwest.

The faster backbone will rely on the latest optical technology, called dense wave-division multiplexing, to carry data among far-flung research sites. Juniper Networks will provide routers the size of small refrigerators that will be capable of pushing information at speeds of up to 10 billion bits per second. The routers will be equipped with the latest version of the Internet Protocol, called IPv6, which Juniper and university researchers are eager to test on a real network.

"It's a real plus for us to have them ... giving us feedback, so when the commercial world is ready to do this stuff, we'll be ready to provide it," says John Jamison, consulting engineer for research and education markets at Juniper.

Qwest's agreement to provide service for Abilene extends for another four years. That commitment is reassuring to some, but others are watching closely to see how events unfold.

"In the current telecommunications market, four years is a long time," says Aubrey M. Bush, director of advanced-networking infrastructure and research at the National Science Foundation. "The current chaos in the market has the potential for [affecting] not just the research and education community," he says, "but everybody else."
*************************
Government Computer News
OMB details first level of federal enterprise architecture
By Jason Miller


The Office of Management and Budget today released a fresh version of its e-government business reference model, the first component in OMB's stated goal of a complete federal enterprise architecture. Mark Forman, the Office of Management and Budget's associate director for IT and e-government, called it "a quantum leap for the federal government."

The document outlines what it calls the business lines, or chief missions, each agency engages in and how each line relates to programs at other agencies. It lists 35 external and internal lines of business and 136 subfunctions within those 35 lines. All of the functions fall into three main business areas, OMB said. One goal of the eventual enterprise architecture is elimination of redundancy in the various functions.

The three main business lines are citizen services, delivery services support, and internal operations and infrastructure. Examples of citizen service business lines are asset management, law enforcement, mail delivery, public health, social services and transportation.

"OMB can now work hand-in-hand with agency officials to look strategically at federal business operations and understand the gaps, overlaps and opportunities," Forman said in a written statement. "The BRM provides OMB and the agencies with an invaluable new tool for improving the business of government."

OMB detailed the model on the new Federal Enterprise Architecture Program Management Office Web site, at www.feapmo.gov. It also will release other documents later this fall, such as performance reference, data reference, application capabilities reference and technical reference models.
************************
USA Today
Adopt U.S. kids online


By Marilyn Elias, USA TODAY

The nation's largest Internet adoption site premieres today with photos and descriptions of about 3,000 children who desperately need parents.

"The Web erases geographic barriers, and adults living miles away from these kids may be able to provide wonderful homes once they know they're available," says Susan Orr of the Children's Bureau at the Department of Health and Human Services (HHS).

HHS is the primary funder of the Web site, called AdoptUSKids. The National Adoption Center (NAC) in Philadelphia developed the site and is managing it.

The children shown, awaiting adoption through public agencies, are not much-desired healthy infants. Most youngsters at the site are school age and have handicaps -- physical, emotional or intellectual. Some are part of sibling groups to be adopted together. Many are ethnic or racial minorities.

The new site "will be a great tool for finding homes," predicts Joe Kroll of the North American Council on Adoptable Children.

Adoptions are increasing, thanks to a 1997 federal law that limited how long kids could remain in foster care before agencies started looking for permanent homes. The law was prompted by concern over adoptable children spending a long time in foster care. Financial incentives offered to states that stepped up adoptions "got states to act on the ones who could be easily adopted," Kroll says. Lots of youngsters were adopted by their foster families.

Many of the kids still on public adoption rolls have been waiting for years and have serious disabilities, he says. So a "one-stop" site that maximizes their pool of potential parents makes sense.

Even youngsters with serious problems can make progress in a good home and give their adoptive parents plenty of joy, says Carolyn Johnson, executive director at NAC. "The key is full disclosure, that parents understand what the child needs."

No painful surprises hit Michelle Kleehammer, 31, of Pilot Mountain, N.C., after last year's adoption of 9-year-old Philip. She and her husband found him at a smaller Internet site run by the NAC. They knew Philip had been exposed to crack and excess alcohol in utero, was mildly retarded and diagnosed with attention deficit hyperactivity disorder (ADHD).

Nonetheless, "we fell in love with him the moment we saw him," Kleehammer says. Philip lived in a foster home five hours away by car. After a series of long visits, they took him home for good in March 2001. By April, he was off drugs for ADHD and anxiety, Kleehammer says. "He called us Mom and Dad from the start, and once he was in a stable environment, he just didn't seem to need the medicine anymore," she says.

Kleehammer home-schools Philip. "His neurologist said he'd pick up six months in a year of schooling, but when we had him tested a while ago, he'd progressed 18 months in eight months, so we think he's catching up quickly."

Although the boy needs ongoing medical care and focused attention, "he's made us so happy. ... He's a gentle, nurturing child and pretty much the center of our universe," Kleehammer says. They have a 4-year-old foster daughter whom they're thinking of adopting. And now they're looking on the Net for another child.

Shelley Naber, a 36-year-old homemaker in rural Wisconsin, has three adolescent daughters and wanted a larger family. "We'd been trying for so long," she says. Then she and her husband, Roger, saw 8-year-old Amber at the NAC site in the fall of 2000. A victim of severe neglect and abuse, Amber would do best as an only or youngest child, her page said.

Amber had been in therapy for three years and she needed it. Her parents had done terrifying things to Amber and two younger siblings. "One time they tied her to a tree for three days and left her alone in the forest," Naber says.

Although she's had understandable trouble trusting adults, Amber has become much less anxious over the past 15 months in their structured, loving home, Naber says. Her therapy sessions are tapering off. "She needs a lot of attention, and we're willing to give that to her. Now she's really starting to feel like family."

The new Web site provides information on all kinds of disabilities youngsters might have and offers online courses for parents preparing to adopt, Johnson says. Weekly moderated chats, message boards and support groups also are available. Parents may search for youngsters by preference -- age, gender, etc.

A section for social workers will speed replies to parents interested in children and allow adoption managers to monitor responses, "so kids don't fall through the cracks," Johnson says. Prospective parents still will need to be approved for adoption after evaluations and home visits by social workers.

HHS spent $1.6 million to set up AdoptUSKids, and it will cost more than $2 million to keep the service going each year. The site owes its existence not only to the federal money but to four firms that donate key services: Oracle Corp.; Answerthink; SunGard and Sears Portrait Studio. The Freddie Mac and Dave Thomas foundations provided about $500,000 of the start-up costs, Johnson adds.

Will it be worth all the effort and money? Orr says U.S. children spent an average of four years in foster care before being adopted in 1999, the most recent figures available. "That's way too long," she says. "We should do whatever we can to shorten it."

Some view the parents who leap in to adopt as heroes. But they often say they're the lucky ones. "The Christmas when we found out we could have Amber was the most joyous one we ever had," Naber says.

Her optimism personifies the slogan of the National Adoption Center, listed on all its official papers and a key premise for the Web site: "There are no unwanted children ... just unfound families."
************************
USA Today
Alleged CD patent infringement to be investigated


WASHINGTON (AP) -- The U.S. International Trade Commission said Monday it will investigate charges by a subsidiary of Dutch electronics manufacturer Philips Electronics that importers are violating its patents on recordable and re-writable compact discs. Philips said late last month that 19 companies have infringed its patents by manufacturing or selling imported CD-R and CD-RW discs in the United States without a license.


Philips asked the ITC, which is an independent government agency, to ban the importation of unlicensed discs into the United States.


The companies named were: Acme Production Industries, Bregusa Micro International, Digital Storage Technology, DiscsDirect.Com, Gigastorage, Jacsonic Group, J & E Enterprises, KingPro Mediatek, Linberg Enterprise, NewEgg.Com, PNY Technologies, QTC Computer Systems, STI Certified Products, Symmetry Group, Tiger Direct, TKO Media, U.S. Digital Media and Xtraplus.

More than 70 manufacturers are licensed by Philips to make CD-Rs and CD-RWs.
************************
USA Today
Military Web sites increase in popularity
By Russell Shaw, Gannett News Service

After the terrorist attacks of Sept. 11, Marco Perches, 19, felt an overwhelming urge to enlist in the military. In years past, the Hastings, Neb., native would have visited a recruiting station and collected a small library of printed brochures to learn about a military career. Instead, Perches used the Internet to research his options in the armed forces.


"Enlisting in the military seemed like a great opportunity to serve my country," Perches said. "I began visiting the '.mil' sites, and I asked a lot of questions about the process(es) of schooling and advancement," he said, referring to About.com's military site.


Sites with the suffix dot-mil are operated by one of the branches of the military just as the dot-com suffix identifies commercial sites.

Recent data from Nielsen/NetRatings, which measures Web site traffic, suggests a spike in popularity for some military and military-themed Web sites. For example, the number of visitors to the Air Force's site rose from 573,000 visitors in April to 609,000 visitors in May and 757,000 in June.

Nielsen/NetRatings attributed a good bit of this momentum to "savvy marketing and recruiting techniques as well as timely and useful news and information" on the flagship sites of the U.S. Navy, Army and Air Force.

Retired Air Force First Sergeant Rod Powers, who runs the About.com Military site, sees a broader trend in play: the high profile of national defense, security and armed forces issues in recent months.

"Since 9-11, the military has been in the news daily. A person sees something on network news, and it spikes their interest," Powers said. "They use a search engine with the term 'military,' and find themselves visiting one of the military-themed sites."

The military hosts dozens of sites and third parties run thousands more. In its directory, for example, Yahoo lists more than 2,300 sites about the U.S. military. The 29 specific categories encompass areas such as careers, special tactics operations and issues of interest to women in the Armed Services.

Taken in total, the increase in military Web site visits is more than just a statistical phenomenon. According to Perches, who is now a seaman apprentice with the Navy, there is a lot of emotion at work.

"It's a combination of curiosity, respect, and for those like me, (people) who want more information on the paths we have chosen for our future," he said.

Armed forces sites

Each of the armed services maintains a robust site. Here's a quick look at each:

The U.S. Air Force site (www.af.mil) has basic information about the branch, a section about career opportunities and links to sites for specific Air Force bases. For example, the Barksdale, La., Air Force Base site (www.barksdale.af.mil) includes information about the B-52 bombers based there.
The U.S. Army site (www.army.mil) offers news headlines, features, and links to a robust career site with comprehensive information on the 212 "Military Occupational Specialties" the Army offers.
The U.S. Coast Guard site (www.uscg.mil/uscg.shtm) has sections on homeland security, port and waterway security. Its jobs site has career information, including such national defense-related fields as Port Security Specialist.
The U.S. Marine Corps site (www.usmc.mil) has a news section with video clips. The site also offers a Recruiting section with e-mail links to recruiting stations.
The National Guard site (www.ngb.dtic.mil) offers news updates, as well as Army and Air National Guard career information, searchable by specialty and state.
The U.S. Navy site (www.navy.mil) contains sections devoted to specific bases and stations. For example, the Naval Air Station Pensacola's site (www.cnet.navy.mil/naspcola) has pages about the Blue Angels, who are based there. There is also a link to a Careers site (www.navy.com) that has a ZIP-code searchable recruiter locator and information on hundreds of specialties.
*************************
New York Times
U.S. Cyber-Security Efforts Faulted
By THE ASSOCIATED PRESS


WASHINGTON (AP) -- Years after orders from the White House to beef up the security of the nation's most important computer systems, the government is having trouble identifying which organizations should be involved and how they should be coordinated, according to a new report.

President Bush's recent proposal to create a Cabinet-level Department of Homeland Security said at least 12 organizations oversee protection of important infrastructure. But the General Accounting Office, the investigating arm of Congress, said it identified at least 50 organizations already involved in such efforts, usually focused on protecting vital computer networks.

The GAO said those groups include five advisory committees, six organizations under the White House, 38 groups under executive agencies and three others. Within the Defense Department alone, the GAO found seven organizations.

Those numbers might go up. Richard Clarke, the chairman of Bush's cyber-security protection board, said the Sept. 11 terror attacks and their aftermath have caused the administration to consider broadening definitions of critical infrastructure to include national monuments and chemical industries.

"We have learned from the tragedy on Sept. 11 that our enemies will increasingly strike where they believe we are vulnerable," said Sen. Joseph Lieberman, D-Conn., who asked for the GAO report as chairman of the Governmental Affairs Committee. "As this report shows, our cyberspace infrastructure is ripe for attack today."

Clarke also noted that most of the networks needing protection are owned by private companies, universities, state and local governments and even home computer users. "This presents a unique strategic challenge," Clarke said in a letter to the GAO.

The government previously defined critical infrastructures to include banks, hospitals, water and food supplies, communications networks, energy and transportation systems and the postal system.

The GAO report warned that the problem can't be solved at least until it's defined well. "The opportunity for ensuring that all relevant organizations are addressed exists in the development of the new national strategy," it said.

Even organizations already involved are slowly discovering the scope of the problems from an increasingly interconnected world. An early warning network for the nation's food manufacturers recently decided it needed to coordinate with the Interior Department because that agency controls many of the country's water supplies and hydroelectric dams for electricity.

The GAO also noted that it was nearly impossible to know how much the U.S. government was spending on the protection of its infrastructure, because the organizations involved don't receive money for specific projects and don't track such spending.
**************************
Reuters
Privacy Advocates Urge Use of States' Common Laws
Mon Jul 22, 5:27 PM ET
By Andy Sullivan


WASHINGTON (Reuters) - With consumer-privacy efforts stalled in Congress, one expert is arguing that those who fear that intimate details of their private lives could be exposed already have plenty of protection through existing common law.



More than one hundred years of civil lawsuits in courtrooms around the country have provided a broad understanding of privacy rights, allowing consumers to sue for damages and encouraging companies to refrain from invasive practices, said Jim Harper, editor of the conservative think tank Privacilla.org.

In a report due to be released on Tuesday, Harper argues that lawsuits -- or the fear of lawsuits -- have largely held abusive marketing practices in check, while allowing companies to develop new techniques that result in savings for the consumer.

"State privacy torts provide explicit baseline protections for privacy at the same time as they allow innovative new uses of information to occur. For the most part, they have been unsung as privacy-protecting laws in the United States," Harper said in the report, which he will present at a meeting of state legislators later in the week.

Other experts say that while civil suits can be effective, they only provide a partial solution and must be augmented by laws that prevent abuses from happening in the first place.

Consumers are often reluctant to undertake expensive and time-consuming lawsuits in which damages are difficult to prove, they say, meaning that many violations go unpunished.

"I do think that lawsuits terrify companies more than (legislative laws) do ... but it's an adjunct, it's not a total solution," said Robert Ellis Smith, publisher of Privacy Journal.

NEW LAWS UNLIKELY THIS YEAR

The concept of a right to be left alone first arose in an 1890 Harvard Law Review article in response to new technologies like the camera and mass media that could expose an individual's private details. Computers, the Internet and other new information technologies have increased concerns exponentially over the past 30 years.

Congress has passed laws that place limits on how companies can share consumers' medical and financial information, and lawmakers have introduced dozens of bills that target online information-collecting practices in this session.

One measure has passed out of the Senate Commerce Committee over the objection of many high-tech firms, but insiders say it is unlikely to become law this year as time runs short and homeland security, corporate reform, and prescription drugs dominate the agenda.

In the House of Representatives, key Republicans have lined up behind a bill but it has yet to move out of subcommittee.

Harper said consumers will be better off without laws that could stifle innovation and prove unenforceable. The common law built up through the courts is a better mechanism to curb marketplace abuses, he said.

"I never have litigated a single case, but I've benefited from other litigation," he said.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said that common law can be an effective tool, pointing out that the privacy-rights group had argued in New Hampshire that it should be extended to cover brokers who collect and sell personal information.

But common law should not be the sole basis for privacy protections because the outcome of court cases is not predictable, Rotenberg said.

"It's in the interest of businesses as well as consumers to create frameworks where the collection and use of personal information will occur in a regulated environment," he said.
**************************
Reuters Internet Report
Internet Is Safe Despite WorldCom Woes - Experts
Mon Jul 22, 7:38 PM ET
By Elinor Mills Abreu


SAN FRANCISCO (Reuters) - The bankruptcy filing by WorldCom Inc., which transmits half of the world's Internet traffic over its backbone network, does not threaten to slow the Internet and is unlikely to prompt widespread outages, experts said on Monday.

The No. 2 U.S. long-distance telephone and data services company filed for Chapter 11 bankruptcy protection on Sunday, brought down by a $3.85 billion accounting scandal and a mountain of junk-rated debt.


But the bankruptcy filing by the Clinton, Mississippi-based company "will have almost no effect whatsoever" on the Internet, said Peter Salus, chief knowledge officer at Austin, Texas-based Matrix NetSystems Inc., which measures Internet performance.

To begin with, Chapter 11 protection increases WorldCom's chances of survival, Salus said.

In that sense, the situation is different from KPNQwest, a joint venture between Dutch national carrier KPN and Denver-based Qwest, which declared bankruptcy in May. KPNQwest began shutting down parts of its European Internet backbone, dubbed the Ebone, earlier this month.

"As long as the physical network is there" the Internet will continue to operate as usual, said Salus. "With Ebone, a piece of the network was actually shut down on a country-by-country basis."

The partial Ebone shutdown may have slowed performance on some Internet connections across Europe, but there were no reported blackouts, experts said at the time.

Many of KPNQwest's customers had already switched service providers or were using parts of the Ebone that were kept running by Europe's major phone carriers.

A message on KPNQwest's Web site dated July 19 said the network was operational but that there was no one available to provide customer support. The company was in negotiations that could result in a restart of its business, the message said.

GOVERNMENT, BUYERS WOULD STEP IN

If the Chapter 11 reorganization does not succeed for WorldCom, its assets will be sold or the U.S. government will step in to ensure that there is no impact on the network, experts predicted.

"We've heard from WorldCom and the FCC (U.S. Federal Communications Commission) that there should be no impact on the network itself," said Russ McGuire, chief strategist at TeleChoice Inc., a Tulsa, Oklahoma-based consultancy.

There is a glut of Internet backbone capacity from companies which had anticipated continued growth before the dot-com bust, so other backbone providers could likely handle the excess load should WorldCom have trouble, said Rodney Joffe, chief technology officer at UltraDNS Corp. The San Mateo, California company provides services to ensure that domain names remain available during network interruptions.

Despite that glut of capacity, rival Internet backbone and service providers could not immediately replicate WorldCom's dial-up and other infrastructure, he said.

"If WorldCom were to go away, that amount of traffic could not be absorbed by the other Internet service providers," Joffe said. "So I don't think anyone wants to see WorldCom disappear."

While experts were optimistic about the Internet's viability during WorldCom's reorganization, they were much less certain of the company itself.

WorldCom customers are already beginning to move to alternative service providers, although doing so can take many months, they said.

"If enough large customers do shift, that will mean that no matter what reorganization WorldCom does, they are now lacking the customer base; a self-reinforcing type of cycle," Salus said.

The company may also be unable to invest the money it takes to keep its network maintained or build it out to keep up with subscriber growth, said McGuire.

"If WorldCom continues to operate UUNet (its Internet backbone provider), their cash flow could be an issue," he said.
*****************************
BBC
Four charged over moon rock theft


Three American students who worked in summer jobs at the Nasa space agency and another person have been charged with stealing valuable moon rocks and attempting to sell them on the internet.

Undercover agents from the Federal Bureau of Investigation and the Nasa Office of the Inspector General arrested the four, aged between 19 and 26, after recovering a safe containing samples worth more than one million dollars.

It had been stolen from the Johnson Space Centre in Houston, Texas.

The FBI were alerted to the theft following an e-mail tip-off, and since May this year had communicated with a group claiming to offer the "priceless moon rocks" - which were collected by astronauts on the Apollo missions during the late 1960s and early 1970s - for sale.

Three of the suspects have been charged with conspiracy to commit theft of government property and transportation of stolen property, while the fourth is charged with conspiracy.

The three students who worked at Nasa have also been fired.

Sting operation

An advert had been placed on the Mineralogy Club of Antwerp, Belgium's website, offering the samples for between $1,000 and $5,000 a gram, the Associated Press news agency reported.

In the start of an elaborate sting operation, the FBI began e-mail correspondence with the accused, who freely acknowledged that the sale of moon rocks was illegal under US law.

"As you well know, it is illegal to sell Apollo lunar rocks in the United States," one e-mail said.

"[We] must be cautious that this deal is handled with delicacy in that [we are] not publicly exposed."

Historical records of the samples were exchanged with the investigators to prove their authenticity.

Security measures

A meeting between three of the accused and FBI agents was then arranged last Saturday in a Florida restaurant, during which police say the suspects described how they had stolen the safe containing the rocks and loaded it into a sports utility vehicle.

They were then arrested, with the fourth alleged conspirator taken into custody in Houston the same day.

Two have since been released on bail while two others are being held in prison awaiting court hearings.

Nasa officials said they were confident that all specimens had been recovered safely, but BBC correspondents say that the space agency is planning to tighten security following the theft.
***************************
Federal Computer Week
Holcomb detailed to Homeland


Lee Holcomb is on detail as the director of infostructure at the Office of Homeland Security and will be working on interoperability and enterprise architecture issues.

Holcomb, who has been the CIO at NASA for nearly five years, will report to Steve Cooper, senior director of information integration and chief information officer at the Homeland Security Office.

The assignment comes about as Congress debates how to shape the department and as an interagency board hashes out its integrated information technology infrastructure.

The Office of Management and Budget last week froze more than $1 billion in IT projects at major agencies slated to join the organization.

The freeze, detailed in a July 19 memo, affects planned investments of more than $500,000 at the Transportation Security Administration, the Coast Guard, the Federal Emergency Management Agency, the Immigration and Naturalization Service and other agencies.

Following reviews, the board will recommend reductions and consolidations in IT spending. Because NASA isn't part of the mix, Holcomb doesn't have ties to the systems at stake.

Further, he is co-chairman of the CIO Council's federal architecture and infrastructure committee and a longtime champion of centralization efforts.

Before becoming NASA's CIO, Holcomb was a senior engineer at the Jet Propulsion Laboratory.

Paul Strassmann is now acting CIO at the space agency. Strassmann began work May 1 as a senior IT adviser to NASA Administrator Sean O'Keefe, assessing information management operations, helping develop and implement an agencywide vision for IT, and collaborating on the delivery of an integrated financial management system.
***********************
Federal Computer Week
Fixing a communications breakdown
Homeland security puts focus on interoperability of public safety systems


Shortly after American Airlines Flight 77 crashed into the Pentagon Sept. 11, the Arlington County, Va., Fire Department led a response and recovery effort involving 50 public safety agencies from neighboring Virginia communities, Maryland, Washington, D.C., and the federal government.

Numerous police, fire and rescue units quickly established interoperable voice radio communications, largely because the region had prepared for such an event during the past 20 years. In all, there were about 900 radio users, many of them capable of talking to one another with radios built to work on the 800 MHz band of the radio spectrum.

"When the big one occurred on Sept. 11, everybody who came on site with a radio was able to come on the Arlington radio system," said the assistant fire chief of Arlington County, John White, a 23-year department veteran who runs the technical services division.

"I try to put myself back in the frame of mind when we were on a VHF high-band radio system with two channels," he said. "What would we have done in September had we had that system still in place? We would have had problems, and I know that that is still the norm in a lot of areas in the United States."

Although the lack of interoperability -- the ability of first responders and others from different agencies or jurisdictions to communicate with one another -- has been a major obstacle for the public safety community for decades, the scale of the Sept. 11 attacks raised the issue to a national level never before seen.

"I think the idea of interoperability is on the lips and in the minds of a lot of important people right now," said Robert Lee Jr., a program manager at the Public Safety Wireless Network (PSWN). "And so their talking about it is the first step to arriving at solutions." The Justice and Treasury departments created PSWN six years ago to help educate and serve as a resource on the issue.

As the threat of more attacks looms, officials on Capitol Hill and at the White House have pledged to help the nation's first responders -- police, firefighters and emergency medical personnel -- with more resources for not only disasters, but also day-to-day emergencies.

Public safety officials -- who have been calling for more space on the radio spectrum, increased funding and better technologies and standards -- say they are encouraged by the increased attention given to interoperability. But they caution that it is a complex issue with significant hurdles that will take time to overcome.

From Analog to Digital

For decades, local public safety agencies acquired land mobile radio communications that are largely incompatible with one another. The problem was that manufacturers did not develop systems based on common standards.

"The way the vendor community operated in this area, there was a marketing goal not to facilitate interoperability with competitor systems," said John Cohen, a former police officer and federal agent and now president of PSComm LLC, which offers consulting services in this area.

"The reason is there is a value proposition if you, as a large radio provider, can say, 'I can provide interoperability across all these agencies, but you have to be using my product,' " Cohen said.

Change was nearly impossible because those radio systems, being analog, were hardwired to work independently.

That poses a problem when multiple agencies respond to a disaster. For example, after the 1995 Oklahoma City bombing, numerous first responder agencies could not communicate with radios and instead employed runners to carry messages back and forth, sources said.

Public safety agencies have not done themselves any favors, observers say, by allowing turf wars to hinder coordination of communications systems. "And that is probably the most important [factor], because without bringing people together to talk about the problem, we're not likely to have solutions that will be useful to everyone and accepted by everyone," Lee said.

Several states and regions are planning or developing systems that will reduce those problems. Most initiatives involve digital trunked systems, which improve the capacity and management of radio traffic. And many of the systems use channels in the 800 MHz band, which is allocated for public safety use by the Federal Communications Commission.

States or regions often decide to develop new systems because their analog systems are outdated and in need of repair. But then, as now, disasters often provided the impetus for change.

Ohio, for example, began developing an 800 MHz digital wireless system more than two years ago. Development of the Multi-Agency Radio Communications System (MARCS) was precipitated by two natural disasters, as well as a prison uprising about a decade ago that resulted in several deaths, said Darryl Anderson, MARCS project manager.

In each instance, several responding public safety agencies had little ability to communicate with one another, he said.

After several years of studies, discussions and preparatory work, the state began working on the $272 million MARCS project, which will be completed by 2004, according to Anderson, a 30-year state police veteran. The system will provide mobile radio coverage across 97.5 percent of every county, with a total of 201 radio tower sites constructed in the geographically diverse state.

The system will serve 12 state agencies and numerous local agencies with a maximum of 50,000 to 60,000 voice users, he said, with local agencies paying monthly user fees to tie into the system.

The next step, Anderson said, is to link MARCS with systems in other states, including neighboring Michigan. Since 1995, officials there have been developing the state's own 800 MHz wireless system, which will be completed this fall.

Michigan officials studied the issue for a decade before embarking on the $200 million project, said Harry Warner, manager of the state's 800 MHz project and assistant division director for the Michigan State Police.

The state police, who had been operating on a low-band radio system since 1944, had been having problems with radio congestion in some regions and, as communities expanded into rural areas, dead spots in others.

Like Ohio and Michigan, several communities in the Washington, D.C., area began working on 800 MHz digital systems following the crash of Air Florida Flight 90 into the Potomac River in 1982.

"Oh, it was a disastrous day, and nobody could talk to one another," recalled Alan Caldwell, who was a firefighter on the scene.

"Elected officials said, 'We cannot have this happen again.' And so what was put together and begun back then has become a very, very successful program," said Caldwell, director of government relations for the International Association of Fire Chiefs (IAFC). "And the proof of the pudding was [that] when the airplane went into the Pentagon, all the fire units were able to talk to one another."

But Harlin McEwen, a former police chief and FBI agent now working for the International Association of Chiefs of Police, worries that interoperability is a symptom of a larger problem with communications, not the problem itself.

"So what we're trying to do is to impress upon the people in Washington, particularly because right now this is a big buzzword, that interoperability should be a good byproduct of a good local or state system, and that it should not be the primary focus," he said.

A Hot Commodity

But even as public safety communications are on the verge of improving, officials in many states are running into trouble with the economics of the radio spectrum. The first issue is a problem of supply and demand.

The 800 MHz band, which is used by cellular services as well as public safety communications, is getting congested, and this has begun to interfere with first responder communications. Agencies are looking at other slices of the spectrum, including the 700 MHz band, but that in turn creates more interoperability problems, experts say.

"The broad issue is that public safety operates in 11 different portions of the radio spectrum," said PSWN's Lee. "Equipment doesn't usually cross from one portion of the spectrum to the other. So we have to cross those borders in order to be interoperable."

The need for a bigger piece of the spectrum for public safety emerged as a major concern of the Public Safety Wireless Advisory Committee (PSWAC). The FCC and the National Telecommunications and Information Administration (NTIA) formed the committee to study the issue.

In a Sept. 11, 1996, report -- exactly five years before the worst terrorist attacks on U.S. soil -- PSWAC recommended that four channels in the 700 MHz band, now occupied by TV broadcasters, be reallocated to public safety agencies. A year later, Congress passed a law authorizing the FCC to assign the channels.

However, TV broadcasters have until Dec. 31, 2006, to move, and that depends on the saturation of the high definition TV market in the country.

"Now you see that's a date that means nothing," McEwen said. "Congress said that they have to be out of there if there was an 85 percent saturation of use of HDTV by that time. Well, there isn't even 10 percent. There isn't even 5 percent and nothing's happening. It isn't moving at all."

To close the loophole, several House legislators have introduced a bill, H.R. 3397, setting the 2006 deadline in stone. If the bill passes, the FCC would allocate usage, which is time-consuming.

"But the fact of the matter is if we got that 24 MHz of 700 spectrum tomorrow, it would take us several years to be able to implement," McEwen said of the proposed FCC public spectrum allocation. "I mean, companies are just now starting to announce equipment that will be able to work in that band. I mean, there wasn't any."

Funding Static

But such issues are moot to many public safety agencies that are struggling to find money for the upgrades.

Most states have no dedicated funding source for communications and interoperability, according to officials, which reflects a low priority among lawmakers.

And the situation has been exacerbated by the slumping economy during the past year, with an overwhelming majority of states experiencing severe budget shortfalls, said Cheryl Runyon, a senior fellow at the National Conference of State Legislatures.

"You're looking at everything you have," she said. "Could you use your tobacco settlement money for this? And so this has been a difficult situation, because folks don't know what they have in terms of other resources.... Almost all the rainy day funds have already been used."

But that is changing as the issue slowly gains importance.

Minnesota officials, for example, are planning to add an excise fee to people's telephone bills to help pay for improved communications in the St. Paul-Minneapolis area. Runyon said other counties could impose a $2 to $4 surcharge on homeowner and business insurance policies, as Florida did in the aftermath of Hurricane Andrew in 1992 for a disaster mitigation fund.

"Those funds have allowed the state and their emergency management agency to make grants to local communities in what they need in trading in equipment," she said. "If you identify you have an interoperability problem, and you do need to set up better communications because of natural disasters and man-made disasters or something along those lines, then you can use those funds."

IAFC's Caldwell said fire services are particularly sensitive to the funding issue. Seventy-five percent of the nation's 26,000 fire departments are composed of volunteers, meaning that of the 1.1 million firefighters, about 800,000 are volunteers.

"And really, quite frankly, funding is an issue more for the fire service than it is for metropolitan police or sheriffs, just because of that volunteer issue," he said.

Fire departments are getting help from the Assistance to Firefighters Grant Program, now in its second year. The program, administered by the Federal Emergency Management Agency's Fire Administration, could give as much as $900 million to provide departments with equipment and training. FEMA provided $100 million in fiscal 2001 and $360 million in fiscal 2002.

Help on the Way

The events of Sept. 11 may change how public safety agencies deal with those difficulties, because they are widely viewed as the first responders when it comes to homeland security. That shift appears to have fostered a greater cooperative spirit among all levels of government.

At the least, federal legislators and policy-makers seem to understand that first responders need better and more reliable communications technologies, which often serve as lifelines to them. Public safety officials say the time is ripe to advance the cause with Congress and the Bush administration, whether it's to address grants, training, emerging technologies and standards, or spectrum problems.

Activity is occurring on several fronts.

The Justice Department's National Institute of Justice, in partnership with several other federal agencies and committees, has been developing technologies for both short- and long-term interoperability solutions since 1998.

And just last week, President Bush released a national strategy for homeland security that calls for better information sharing and communications interoperability. The proposed Homeland Security Department would develop a national emergency communications plan to establish protocols, processes and national standards for technology purchases, the report said. Federal grants to state and local agencies would be tied to that plan, requiring "all applications to demonstrate progress in achieving interoperability with other emergency response bodies."

And although it's not entirely clear just how the proposed Homeland Security Department would work with first responders, it appears that FEMA would serve as the point agency for them.

FEMA, which provides assistance and relief to local responders during disasters, will oversee a relatively new federal initiative called the Wireless Public Safety Interoperable Communications program, or Project SafeCom.

The program's objective is to speed implementation of public safety communications at all governmental levels, including providing guidelines and best practices to ensure interoperability.

"We recognize that we can't force local governments to discard their technologies wholesale," said Ronald Miller, FEMA's chief information officer. "They can't afford that."

Funding seems to be one area where the federal government could help.

Officials say many local and state governments are looking to the federal government for help. Part of the $3.5 billion proposed by Bush for first responders is earmarked for local agencies to improve communications, but that is "iffy," McEwen said.

Right now, Congress is focusing on a supplemental appropriations bill, H.R. 4775, authorizing FEMA to disburse $115 million specifically for interoperable communications equipment and also funnel $85 million to a Community Oriented Policing Services program. The bill is in conference between the House and Senate.

PSWN estimates that it may cost $18 billion to replace the existing infrastructure. "That's an estimate that we did about two years ago and that was our best estimate at replacement, but just replacing everything doesn't guarantee interoperability," Lee said. "You still have to plan things right."

But McEwen doesn't agree with that figure. "There are lots of systems out there that are quite good that work quite well," he said. "What we're talking about are the ones that don't work."

Federal officials and elected representatives appear to be listening, several observers say.

Ohio CIO Greg Jackson said the states and the CIO Council see eye to eye on wireless interoperable communications.

"We're trying to see if there's a way, if there are ways, to make sure that funds flow from the federal down to the locals that we can wrap around parameters for them on how they can spend these funds specifically in wireless communications," said Jackson, who is the National Association of Chief Information Officers' liaison to the CIO Council.
*************************
Federal Computer Week
FBI: Accelerated IT plan not realistic


The FBI has abandoned plans to complete an overhaul of its antiquated computer systems by December. The bureau now says it will take until January 2004 to finish the Trilogy project.

During the past year, the FBI has installed new desktop computers, printers, scanners and Microsoft Corp. Office software in its 56 field offices and two information technology centers, completing Trilogy's first phase, according to Sherry Higgins, Trilogy project manager.

But FBI agents still cannot tap into the bureau's five main investigation databases from their desktops, and many of them cannot send and receive e-mail or access the Internet, Higgins told members of a Senate judiciary subcommittee July 16.

Last fall, after the Sept. 11 terrorist attacks, FBI officials vowed to have Trilogy completed by the end of this year -- almost a year ahead of the original completion date of October 2003.

But Higgins, who was hired in March, said finishing on the faster schedule would not be possible.

It will take longer to install "the right solution" than it would take to install "a solution. Deciding what is right takes time," Higgins told Sen. Charles Schumer (D-N.Y.), chairman of the Administrative Oversight and the Courts Subcommittee.

Higgins said the date for completing the second phase of Trilogy has been moved from this month to next March "to allow additional time to test and deploy a secure, operational system." The second phase involves making high-speed connections between FBI offices.

The final phase involves installing five user-specific software applications designed to help FBI agents find, organize and analyze information, which will be delivered by January 2004, Higgins said. Work on the $400 million Trilogy project began last spring.

Schumer declared the three-year wait for a modern computer system "unacceptable." After the terrorist attacks and disclosure that FBI field offices failed to share information they had on the terrorists, Schumer said, "I find it impossible to believe that we cannot, for the safety of our nation, implement Trilogy any faster.

"We need it today, not tomorrow. We needed it yesterday." He described current FBI technology as "dinosaur-era" and "fossil technology."

Private-sector computer system experts said that installing a system as extensive as Trilogy in a private company would probably take about 18 months. But most companies would not be starting with technology as primitive as the FBI's, one expert said.

Higgins said in the four months that she has worked for the FBI, she has "been given a whole lot of reasons why the FBI is where it is" technology-wise, "and I have asked not to be given history as excuses."

Before working for the FBI, Higgins was a chief information officer and chief technology officer at Lucent Technologies.

Although Trilogy could give FBI agents better access to investigation files and other information that would help them do their jobs better, it poses serious dangers from a security standpoint, warned Sen. Jeff Sessions (R-Ala.).

A former U.S. attorney for the southern district of Alabama, Sessions said, "There are people who would be dead -- would disappear tomorrow" if information from FBI investigation files is too freely available.
*********************
Federal Computer Week
Lessons learned after Sept. 11


Public safety agencies in the Washington, D.C., area did not have many of the interoperability problems reported in New York in the wake of the terrorist attacks last September. Earlier this year, the Public Safety Wireless Network developed a list of lessons learned by those agencies:

* Regional planning and coordination effort -- Because of the unique geographical and political environment of the Washington, D.C., area, its public safety leaders realized many years ago that any response to a major incident in the area would be a regional response.

* Training -- Area agencies regularly conduct mass casualty and incident drills that bring together various local agencies to effect a large-scale response.

* Incident Command System (ICS) -- The early establishment and strict adherence to a formal ICS was a key factor supporting successful communications at the site of the Pentagon attack.

* Commercial services usage -- Responders found that the only reliable form of communications were their own, private land mobile radio systems.

* Lack of interoperability among secondary responders -- During the initial response, the majority of local public safety responders (first responders) experienced no difficulty in establishing interoperable communications on the scene. However, as the number of state and federal agencies (secondary responders) increased at the site, interoperability presented new challenges.

* Interoperability assets inventory -- A list of interoperability assets (mobile command vehicles, switches and extra radios) available in the Washington, D.C., region does not exist.

* Necessity of "total interoperability" -- First responders require seamless communications. However, the level of interoperability necessary to support operations for secondary responders has not been documented.
***************************
Federal Computer Week
FBI fingers problem system


The FBI's computer system upgrade is supposed to enable FBI agents to gain electronic access to information in other agencies' databases, but one database is likely to prove troublesome -- IDENT, the Immigration and Naturalization Service's collection of more than 4.5 million foreign visitors' fingerprints.

INS and the FBI are under orders from Congress to integrate their fingerprint databases, but despite efforts dating at least to 1997, the systems remain incompatible.

The problem is "flat" vs. "rolled" fingerprints, according to the FBI and the Justice Department's inspector general. When INS officers catch a foreign national who has committed a crime or is in the United States illegally, they take a "flat fingerprint" from each index finger, snap a photograph and enter them into the automated biometric fingerprint identification system, IDENT.

When FBI agents catch a criminal, they take 10 "rolled fingerprints" and enter them into the FBI's Integrated Automated Fingerprint Identification System, or IAFIS.

Then, when fingerprints are found at crime scenes or on evidence, or foreigners or criminals are apprehended, those fingerprints can be compared with those in the databases to check for a match.

Putting IDENT fingerprints into the IAFIS system could be especially helpful because state and local police have access to 60 million criminal records, including fingerprints, in the IAFIS system. Thus, a traffic stop could lead to the arrest of a wanted foreigner.

But when IAFIS tries to search the IDENT prints, it produces a 40 percent error rate, according to Sen. Charles Schumer (D-N.Y.).

Mark Tanner, the FBI's information resources manager, insisted that IAFIS is highly accurate but conceded that "it is not wholly compatible with flat fingerprints."
*******************
Federal Computer Week
Cyberterrorism drill set
Operation Dark Screen to help government, industry prepare for attacks



Federal, state and local government officials are partnering with representatives from the private sector and the utilities community in a cyberterrorism exercise designed to identify the links between them in defending and responding to a cyberattack.


Operation Dark Screen, the brainchild of Rep. Ciro Rodriguez (D-Texas), is a three-phased exercise that will help all the players involved better understand their roles in preparing for, recovering from and protecting the nation's critical infrastructure during a cyberattack.

"A lot of people think about chemical, biological and nuclear attacks, but very few people think about the cyber," Rodriguez said. "Anyone who is going to hit us, it's going to be a combination of those."

For example, hackers might infiltrate the computer systems that control San Antonio's power grid to attempt shutting off electricity across the city. Officials from the Air Intelligence Agency (AIA) at Lackland Air Force Base, Texas, after tracking the hackers' movements, would notify the local utility company, as well as federal, state and local law enforcement officials, who would apprehend the criminals.

That's how the scenario should play out -- and what Dark Screen will test -- but today, a lack of information sharing and response procedures among the levels of government and the private sector could mean a victory for terrorists.

Collaboration is necessary, security experts say, because the private sector controls 85 percent of the nation's critical infrastructure, which includes telecommunications, transportation and essential government services.

A spokesperson for AIA, one of the Dark Screen participants, said the agency has taken part in numerous military intrusion exercises, but this is the first time it is participating in a civilian-led exercise involving so many different groups.

AIA is serving as an adviser to the civilian and community participants because agency officials feel their participation "will help to improve the security of the complex infrastructures in the San Antonio area," the spokesperson said. "As a community partner and major user of at-risk utilities, it is to the [AIA's] advantage to assist in helping to preclude cyberattacks on these valuable assets."

Lessons to be Learned

Dark Screen's first phase, scheduled for September, will be a tabletop exercise in which a still-to-be-determined cyberattack will be played out and all participants will respond, said Gregory White, technical director of the Center for Infrastructure Assurance and Security at the University of Texas at San Antonio, which is leading the planning and execution of Dark Screen.

AIA has assumed a leadership role in bringing together various stakeholders, including representatives from the city, the county, the Army, the Air Force, the state attorney general's office, the FBI, the private sector and many others.

The second phase of Dark Screen will focus on applying the lessons learned from the tabletop exercise, and the third phase, to take place next May, will be a live exercise using actual attempts to penetrate networks, White said. He added that the final phase is "greatly to be defined," but will involve "testing notification and alert chains."

"We can do it on paper, but by bringing everybody together at one time, we can see who is prepared to do that," White said. "What we do here is applicable across the nation."

John Pike, director of the nonprofit organization GlobalSecurity.org, said the exercise was a welcome break from tradition.

The usual all-talk-and-no-action stance on cyberattacks is "rather strange, given the number of emergency response exercises that are conducted to anticipate other problems, such as hazardous materials spills or nuclear accidents," he said. He added that actual exercises are needed to "rehearse response measures."

The Defense Department frequently conducts exercises in which it pays companies to penetrate their systems, but Dark Screen will "help identify the interdependencies and linkages between the different sectors," White said.

San Antonio officials plan to "review and modify" their infrastructure security measures based on the Dark Screen findings, said Mike Miller, the city's emergency management coordinator.

"We hope to identify quick fixes and implement those quickly, as well as look at long-term issues that will take more time and resources to implement," said Miller, who is also assistant chief of the city's fire department. "The most important thing that we hope to get out of the exercise is securing San Antonio's infrastructure to maintain all aspects of the quality of life for our community. We also will share our experiences with other communities to help them be better prepared."

Inside and Out

The City Public Service (CPS), the utility provider for 560,000 electric and 302,000 gas customers in San Antonio, hopes to improve not only its internal mechanisms, but also its external communications through Dark Screen, according to Charles Lenz, manager of CPS' technology services.

Lenz said that his group would like "a more integrated and formal internal approach to dealing with cyber incidents, as well as increased communication with external sectors regarding cybersecurity issues." He added that the lessons learned "will be evaluated internally and, where warranted, additional resources and/or processes acquired or defined."

Lenz and Miller both said the only event that comes close to what all of these organizations are attempting to do with Dark Screen was the Year 2000 rollover. "Y2K was the last time we did this type of an event, with a tabletop before the actual Y2K event," Miller said.

Rodriguez said the idea for Dark Screen was hatched over a year ago, after the collision between a U.S. EP-3 spy plane and a Chinese fighter jet in which the Chinese pilot was killed.

That incident set off a series of activities by U.S. and Chinese hackers, and lawmakers received reports that cyberattacks against the Energy Department and DOD increased during that time, he said. "Every time there's an international crisis, the hits are a little higher."

Rodriguez said the need for a cyber military exercise was evident back then, before the Sept. 11 terrorist attacks. Right after the attacks, when phones were useless and one of the few means of communication was by using wireless handheld devices, the need to identify how the nation would respond to a full-scale cyberattack became critical.

"We really need to see what we can do," because what if the 911 emergency phone service goes down or financial institutions are hit, Rodriguez said. "I recognize that participating in this exercise may raise concerns about the privacy of individuals, proprietary business information, classified information and existing vulnerabilities, and these issues will be fully examined and addressed in the planning stage" (see box).

Currently, all Dark Screen participants are paying their own way, which hasn't cost much in the planning stages, but Rodriguez said he has asked DOD for $500,000 to pay for next year's live exercise.

Meanwhile, the lobbying efforts continue. Rodriguez said he had a meeting July 11 with John Tritak, director of the Critical Infrastructure Assurance Office, and that Tritak would be hosting a town hall meeting on cyberterrorism in San Antonio in September, either right before or after the first phase of Dark Screen. Tritak could not be reached for comment.

***

This is a test

Officials from the public and private sectors plan to conduct a series of exercises in which they will coordinate their responses to cyberattacks.

Operation Dark Screen has three phases:

1. A tabletop exercise for public and private officials to play out a scenario in which critical systems come under attack.

2. Applying lessons learned from the tabletop exercise.

3. A live exercise, which will include attempts to penetrate networks.
**************************
Government Computer News
Davis pushes for baseline security standards in HSD markup
By Jason Miller

Rep. Tom Davis wants to see at least some of his IT security bill, HR 3844, rolled into Homeland Security Department legislation. The Virginia Republican, who chairs the Government Reform Subcommittee on Technology and Procurement Policy, has asked Reps. Richard Armey (R-Texas) and Nancy Pelosi (D-Calif.), the leaders of the Select Committee on Homeland Security, to add provisions of his Federal Information Security Management Act to the final bill.

FISMA was not part of the Select Committee's markup because of time constraints, although Davis said the committee agreed to it in principle. The Government Reform Committee and the Science Committee initially considered FISMA, but it stalled in subcommittees.

Davis' letter said the bill's provisions would "significantly strengthen federal cyberpreparedness by requiring all agencies to implement specific, baseline security standards established by the National Institutes of Standards and Technology."

In addition to the NIST-developed standards, Davis' bill would permanently reauthorize the agencywide risk management security approach first imposed this year under the Government Information Security Reform Act.
****************************
Computerworld
Bush security plan calls for background checks


WASHINGTON -- Once a cabinet-level Department of Homeland Security is established, the Bush administration plans to convene a panel of government and private-sector experts to determine the legal guidelines for subjecting tens of thousands of private-sector employees to background investigations.
The panel -- outlined in the president's National Strategy for Homeland Security released last week -- would be convened jointly by the secretary of Homeland Security and the U.S. attorney general. It would examine whether current employer liability statutes and privacy concerns would hinder "necessary background checks for personnel with access to critical infrastructure facilities or systems."


That means tens of thousands of private-sector employees working in industries such as banking, chemicals, energy, transportation, telecommunications, shipping and public health would be subject to background checks as a condition of employment.

Tom Ridge, the current director of the Office of Homeland Security and the leading contender to become Bush's nominee for the cabinet post, said on July 21 that the nation remains at risk from an unknown number of terrorist cells operating within the U.S. And according to the national strategy, that situation could be further complicated by malicious insiders with authorized access to critical facilities.

"Personnel with privileged access to critical infrastructure, particularly [IT-based] control systems, may serve as terrorist surrogates by providing information on vulnerabilities, operating characteristics and protective measures," the Bush strategy states.

The administration's desire to ensure that employees working at critical infrastructure facilities -- 90% of which are owned and operated by private companies -- could also provide additional incentive for the Bush administration to establish the post of chief privacy officer within the proposed Homeland Security cabinet-level office.

"I certainly think that we are very open to having that discussion," Steve Cooper, President Bush's CIO for homeland security, said today. "I suspect that the American public is also interested. I think the dialogue is welcome."

But the challenge of conducting background investigations on such a massive scale may be far greater than anybody has acknowledged so far, said Bill Malik, a security analyst at KPMG LLC.

"The biggest problem with background checks for folks working on critical infrastructure is the broad use of third parties and contractors involved in the work," said Malik. "The worry at a nuclear power plant is not so much the regular staff but the cleaning crew, the groundskeepers, the caterers and the painters.

"And from a law enforcement perspective, it is actually easier to covertly identify a suspicious person and place them under surveillance than it would be to scare such folks off, drive them further underground and then have to wonder what they might be up to from a distance," said Malik.

Gary Gardner, CIO at the Washington-based American Gas Association, which represents 187 local companies that deliver natural gas to more than 52 million homes, businesses and industries, said the Bush plan focuses on critical-infrastructure personnel programs and proposes national standards for screening and background checks.

"As you can imagine, creating national standards and possibly regulation is not something any industry would like to see," Gardner said. "However, assistance in strengthening programs and the government strengthening their own background checking ability -- with industry being able to take advantage of a national system -- would be welcomed."

During a news briefing last week at the White House, Cooper said privacy issues will be one of the five guiding principles used to develop the administration's cybersecurity and critical infrastructure protection plan.

"Getting the balance right will be a pendulum," he said, referring to the balance between privacy, civil liberties and the need for greater security. "We're not going to get the balance right right out of the box."
****************************
News Factor
Are Hacking Defenses Winning the War?


The problem with hack attacks these days is that they are no longer easily recognizable. Like snipers, they hide in the shadows. They can also disguise themselves as something else. For the rest of the story, see: http://www.newsfactor.com/perl/story/18663.html#story-start

***********************
News.com
Hollywood heads up anti-piracy charge
By Declan McCullagh

WASHINGTON--Hollywood's lobbyists are readying a new legislative push on Capitol Hill.
On Monday, a lawyer for the Motion Picture Association of America said to expect new bills soon to assail illicit peer-to-peer file trading and curtail the piracy of digital TV broadcasts.


Fritz Attaway, the MPAA's senior vice president for government relations, told an intellectual property conference that his group would, with the help of its powerful congressional allies, attempt a three-pronged approach this fall.


Because Congress only has about five work weeks left before it is scheduled to adjourn for the year, the movie studios' effort has limited hopes of success until 2003. But it will highlight Hollywood's legal attempts to permit the intentional disruption of peer-to-peer networks and limit the unauthorized copying and conversion of digital TV signals.


"This is a legislative objective of ours that I know you will be hearing more about really soon," Attaway told more than 100 congressional aides attending a conference organized by the Competitive Enterprise Institute and the Institute for Policy Innovation.

Both are free-market groups generally skeptical of government regulation. They convened for the half-day event, featuring speakers from Microsoft, Eli Lilly, and the Association for Competitive Technology, to argue that intellectual property rights should be defended as fiercely as traditional property rights.

"We're here to defend intellectual property," said Jim DeLong, an economist at CEI. "If you want balance, go to another session."

Last month, Rep. Howard Berman, D-Calif., said he was writing a bill that would allow aggrieved content owners to launch technological attacks against file-swapping networks where their wares are traded.

"No one in the motion picture industry has any interest in invading your computer or doing anything malicious with your files," said the MPAA's Attaway. "The idea is to make unauthorized file sharing sufficiently inconvenient or at least unsuccessful."

Berman has not introduced his bill yet, but his description says that it will immunize copyright holders from civil and criminal liability who use technological methods such as hacking to "prevent the unauthorized distribution of their copyrighted works via P2P networks."

The MPAA's other two proposals likely will seek to limit piracy by outlawing future components that receive digital TV broadcasts unless they follow anti-copying standards. Last week, the Recording Industry Association of America endorsed a similar "broadcast flag" approach for digital radio broadcasts.

The idea is straightforward: Future hardware and software would treat digital television differently if it were designated as copy-protected, preventing people from saving multiple copies or uploading it. Another standard would, in industry jargon, "plug the analog hole" by embedding watermarks in broadcasts and limiting the redistribution of broadcasts with those hidden watermarks.

But because people might not use these new kinds of devices if given a choice, new federal laws likely would be necessary to compel software and hardware manufacturers to abide by the flag or watermark. Senate Commerce Chairman Fritz Hollings, D-S.C., has introduced a related bill that would restrict hardware and software that doesn't adhere to government-approved "standard security technologies."

Attaway said, "To implement the (broadcast) flag, there has to be legislation." The MPAA's Web site echoes the sentiment, saying that "implementation is expected to require a legislative and/or regulatory mandate."

None of the speakers at the conference, including representatives from Intel and Microsoft, attacked the idea.

Susan Mann, a federal affairs manager at Microsoft, said "we applaud" Berman's considered approach. But, Mann said, "we have to look at it very carefully."

Mann said that Microsoft has undertaken aggressive anti-piracy efforts by relying on technology instead of the law. "We do that without having asked anyone for legislation to implement those technological protection tools...Piracy is a problem that we view as primarily our own," she said.

Intel attorney Jeffrey Lawrence, who specializes in content protection, reeled off a history of how his company has worked to devise standards for digital rights management.

Lawrence said that Hollings' plan to forcibly implant copy-protection technology in consumer devices has disrupted negotiations between Hollywood and Silicon Valley. It's "changed not just the stakes, but an ongoing dialogue that has been going on for many, many years," he said.
***************************
News.com
Give a geek a hug
By Lisa M. Bowman
Staff Writer, CNET News.com
July 22, 2002, 3:00 PM PT



If you're like most people, when your computer crashes you groan, issue a string of expletives, and then wait idly by until your trusty information technology person rescues you from blue-screen hell.
On Friday, it's time for you to show your appreciation for those geeks in shining armor.


Ted Kekatos has created System Administrator Appreciation Day, a time to honor the people whom neither rain, nor snow, nor bizarre "illegal operation" errors can keep from fixing your machine.


Kekatos, a droll system administrator in Chicago, was inspired to create the special day by a Hewlett-Packard ad he saw a few years ago. In the ad, a system administrator is bombarded with presents from employees as thanks for installing new printers.


"I tore that ad out and showed it to some of my co-workers and said, 'Look at what this guy's getting. Where's mine?'" Kekatos joked.

The event, now in its third year, is designed to pay tribute to anyone in information technology. "Let's face it, system administrators get no respect 364 days a year," Kekatos wrote in an e-mail urging people to celebrate.

All Kekatos is really hoping for this year is a simple "thanks"--and maybe some cake and ice cream. Last year, his co-workers bought him lunch.


But he's put together a geeky wish list for nerds everywhere, just in case. Inspired by e-mails from fellow system administrators, the list contains gifts ranging from a case of iced mocha cappuccino to dream rewards like a handheld GPS unit or a home theater system.


"I put some stuff on there that I would like," he said. "You can always dream."

Kekatos' site also gives some tongue-in-cheek tips for maintaining your administrators' spirits on a year-round basis, including "When Ted says he's coming right over, log out and go for coffee. It's no problem for him to remember your password" and "if you get a .EXE file in an e-mail attachment, open it immediately. Ted likes to make sure the antivirus software is working properly from time to time."

Kekatos hopes System Administrator Appreciation Day will become a bigger holiday along the lines of Secretary's Day, and he's even considering sending a little reminder to the CEO at his own company.
*****************************
Information Week
Federal IT Systems Vulnerable To Cyberattack, Report Says
July 22, 2002
By Eric Chabrow


The government lacks a coordinated and comprehensive approach to its critical infrastructure, according to a GAO report.

The federal government's IT systems are vulnerable to cyberattacks because the government lacks a coordinated and comprehensive approach to its critical infrastructure, a congressional report says.

A report from the General Accounting Office, released Monday by the Senate Governmental Affairs Committee, says existing protection efforts don't address all key infrastructure areas and their respective federal agencies, including industries such as chemical manufacturing and food safety. Furthermore, the GAO says organizations have failed to establish consistent relationships with other protection agencies that share similar responsibilities. None of the organizations reviewed by the GAO appropriated funds specifically for cyberprotection programs, making it impossible to track efforts being made to remedy these vulnerabilities, according to the GAO, the investigative arm of Congress.

"As this report shows, our cyberspace infrastructure is ripe for attack today," Sen. Joseph Lieberman, the Connecticut Democrat who chairs the panel, said in a statement.

The GAO report concludes that coordination and protection efforts are greatly hindered by the absence of a comprehensive cyberprotection strategy, which is being developed by the President's Critical Infrastructure Board.

Lieberman and Sen. William Bennett of Utah, the ranking Republican on the committee, requested the report in October after the committee began a series of hearings examining the security of critical infrastructure. The report identified and examined more than 50 federal organizations that have national or multiagency responsibilities related to protecting critical IT systems.
***************************
InfoWorld
Cybersecurity confusion hampers government
By Sam Costello


U.S. CYBERSECURITY POLICY and the protection of critical infrastructure are being hampered by a failure to communicate among the large number of federal organizations that have responsibilities in the area. Adding to the chaos are ill-defined relationships between the groups, according to a new report released Monday by the U.S. General Accounting Office (GAO).

"Without a strategy that identifies responsibilities and relationships for all cyber [critical infrastructure protection] efforts, our nation risks not having the appropriate structure to deal with the growing threat of computer-based attacks on its critical infrastructures," the report concluded.

The GAO, which acts as the investigative arm of Congress, found that there are at least 50 federal organizations that have responsibilities related to cyber critical infrastructure protection (CIP), including five advisory committees, six Executive Office of the President organizations, 38 executive branch organizations associated with departments, agencies or intelligence organizations and three other organizations.

These bodies come from a wide range of government organizations, including the Office of Management and Budget, the U.S. Federal Communications Commission, the U.S. Department of Defense, the U.S. Department of Justice, the U.S. Environmental Protection Agency, the Federal Emergency Management Agency and the U.S. General Services Administration, the report said.

Communications channels are not adequately established between the organizations, according to the report. Though some of the bodies were able to identify their relationship to other organizations generally, "relationships among all organizations performing similar activities were not consistently established," the report found.

One example of the confusion about the function of different organizations among the various groups cited in the report concerns the National Infrastructure Protection Center (NIPC), the cybersecurity wing of the U.S. Federal Bureau of Investigation.

"Discussions with officials in defense, intelligence and civilian agencies involved in CIP ... showed that their views of the NIPC's roles and responsibilities differed from one another," though the NIPC's role should be clear, according to the report.

The communication issue and the definition of roles are set to be addressed by the President's Critical Infrastructure Protection Board in a national cyber CIP strategy set to be released in September, the report said.

In its report, the GAO recommended that the strategy should define "key federal agencies' roles and responsibilities associated with each sector, and [define] the relationships among key CIP organizations."

The GAO has been a constant proponent of better cybersecurity in recent years through the audits of a number of government agencies. In February, it released a report that called the Department of the U.S. Treasury's security measures "ineffective in identifying, deterring and responding to computer control weaknesses promptly."

The GAO also criticized the NIPC in May 2001, saying that the body failed to provide timely warnings of computer attacks.

The full GAO report can be found on the organization's Web site at http://www.gao.gov/new.items/d02474.pdf.
****************************
MSNBC
China claims 3rd place in world Net usage
Internet use growing rapidly, official report says
ASSOCIATED PRESS


BEIJING, July 23 -- Surging Internet usage has made China the No. 3 user of the Internet in the world, a new report asserts, with more than 45 million citizens now logging on regularly even as the government struggles to control subversive content.
THE FIGURES, reported by official newspapers on Tuesday, marked a 72 percent rise over last year. They continue a trend of strong growth in Internet use among China's 1.26 billion people, according to the China Internet Network Information Center, an industry group funded by the Information Industry Ministry.
Only the United States and Japan have more citizens connected to the Internet, according to the report, which was quoted in the Communist Party's People's Daily and other newspapers.
China has 16 million computers linked to the Internet, an increase of 61 percent over June 2001, the report said. The average Chinese Internet user spends eight hours and 20 minutes online each week.
While Internet usage was formerly limited mostly to academics, 68 percent of users do not have college degrees. That indicates that "the Internet is now coming closer to common people," People's Daily said in its online edition.
China has strongly promoted the Internet's commercial potential, despite concerns among communist leaders that the Web would weaken its ability to control access to information and political debate.
At the same time, however, authorities keep as tight a rein as they can on citizens' Internet usage.
To ward off unwanted influences, police monitor online content and block links to Web sites operated by foreign media and government critics. People who use the Internet to transmit material deemed subversive have been given lengthy prison sentences.
In addition, many Internet users' main means of going online has been cut off in recent weeks. The government ordered all Internet cafes shut down after a fatal fire in Beijing last month, and only selected establishments have been permitted to reopen.
The Gartner Group, a telecommunications consulting firm, estimated last month that about 80,000 of China's 200,000 Internet cafes were unlicensed.
*******************************
CIO Insight
Wireless (In)security
By Gary A. Bolles


Now, someone can steal your company's most sensitive data by snatching it out of thin air -- right from the company parking lot.

Sound more like scare talk than reality? Guess again. On May 1, an anonymous customer of Best Buy Inc. told SecurityFocus Online, a Web site for a security threat management firm, that he was able to break into Best Buy's internal sales data network from his car -- which was parked in one of the store's parking lots. He tapped into the network, he said, after installing into his laptop a wireless card that he had just bought in the store.

It's not certain whether any customer credit card numbers or other purchasing information held by Best Buy at its 499 stores across the country has actually fallen into the wrong hands, but the discovery of the company's vulnerability caused a brouhaha at Best Buy headquarters.

The problem? Best Buy, in some of its checkout lanes, uses portable point-of-sale terminals that are tied to its servers by a wireless local area network, or LAN. The LAN relies on the 802.11 wireless networking standard, known as Wi-Fi. But Best Buy did not, apparently, bother to turn on the most fundamental security feature that's built into Wi-Fi, thereby leaving customer credit card data unencrypted and open to snooping. At first, Best Buy pulled its wireless POS systems from its stores. Now, though, they're back in use, says spokeswoman Joy Harris, because the company has bolstered its wireless security procedures.

But Best Buy's vulnerability is hardly unique. Many companies fail to take even the most basic wireless security precautions. Still have doubts? Take a ride with government software consultant Todd Waskelis in Virginia's Dulles corridor, a thruway outside Washington, D.C. that is lined with high-tech firms. Waskelis can slip a wireless card into his laptop, drive down Route 7 and pick up one wireless network after another, including the networks of a major credit clearinghouse. "Instead of hacking from the Internet, people can hack from the road, and probably get to the accounting server," Waskelis says.

But the culprit, say experts, isn't the technology as much as it is poor management. Few companies think about wireless security as a business problem, and fewer still think of wireless security as a critical component of their company's business strategy -- a set of choices to be made about what level of wireless risk is acceptable, and how to manage exposure while monitoring the network continuously for new holes and threats.

"The concept of wireless is on many peoples' radar screens, [but] the concept of wireless security is on far fewer of them," says Larry Rogers, a senior member of the technical staff at the CERT Coordination Center at Carnegie Mellon University. CERT trains companies to help secure the Net.
************************
Sydney Morning Herald
Cult sells 'cloning machine' online
Washington


The Clonaid Society, created by the founder of the Raelian movement, is selling online what it claims are "cloning machines" to further efforts to clone humans around the world.

The machine was created by Korean scientists, who are sect members.

Dubbed the RMX 2010, it makes possible a nuclear fusion operation aimed at obtaining a human clone embryo which in theory could be implanted in a woman's uterus to start a pregnancy.

The machine can be ordered on the company's Internet site for US$9,199 ($16,580).

The site also estimates the cost of cloning a human to be about US$200,000 ($360,490).

"Not only are we hoping to be the first to clone a human being, but we also want to contribute so that the cloning efforts can multiply everywhere on the planet, helping to cure all diseases and improve the human race," said Rael, founder of the Raelian sect and the Clonaid company.

Rael hailed the fact that the US had yet to pass an anti-cloning law as "a huge victory".

"Five countries are now fully engaged in cloning: China, Sweden, Britain, Israel and Saudi Arabia," he said in a release.

The Raelian sect was founded in 1973 by a former French journalist Claude Vorilhon, or "Rael". Rael, who lives in Quebec, considers himself a prophet akin to Moses or Mohamed and claims 55,000 followers worldwide.

The Raelians believe life on Earth was established by extraterrestrials who arrived in space ships 25,000 years ago and that humans themselves were created by cloning.
******************


Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx