
Clips July 24, 2002




ARTICLES

Democrats Say G.O.P. Add-ons Threaten Bill for Security Dept.
Report urges states to organize against cyberterror
Experts Speak on Cyberterrorism
Cybercorps to extend to states
Global NMCI nerve center picked
Judge orders alleged cybersquatter to shut down anti-abortion Web sites
After Complaint, U. of Southern Maine Debates Reviewing All Distance-Education Materials
MSN TV prank creating "emergencies"
Roster changes Federal Government
Treasury shrinks IT staff
New site offers free online courses for federal workers
Executives Advised to Take Role in Internet Security
ICANN Forefather Wants More Democratic Internet Governance
Bush Admin. Unveils Wireless Plan
Internet medicine trips up doctor
Experts Seek Liability Protections To Improve Cybersecurity
OASIS forms WS-Security committee
What is Grid Computing, any way?
How random is pi?
Mapping out the future of Russian internet
Govt 'trying to prevent scrutiny of Net censorship laws' - Australia
British government backs Open Source



****************************
New York Times
Democrats Say G.O.P. Add-ons Threaten Bill for Security Dept.
By DAVID FIRESTONE

WASHINGTON, July 23 - A substantial number of Democrats say they are considering voting against the proposed Department of Homeland Security when it reaches the House floor on Thursday, complaining that Republicans had larded the bill with pet ideological projects.

Several Democratic lawmakers, including Representatives Charles B. Rangel of New York, Sherrod Brown of Ohio and James L. Oberstar of Minnesota, say they are voicing the feelings of many colleagues who want to support the department but may vote against it even if that means facing campaign advertisements attacking them as unpatriotic.

The provisions in the bill that bother many Democrats include cutting civil service protections for department employees and limitations on lawsuits against companies working on security technology. Republicans also inserted a last-minute provision that would delay by a year the start of screening airport baggage for explosives.

"They're loading up this homeland security bill with their entire corporate agenda -- tort reform, anti-union stuff -- that has nothing to do with our nation's security," Mr. Brown said. "For a lot of us, it's worth it to vote against the bill."

Hoping to salvage the spirit of bipartisanship that once surrounded his proposal, President Bush invited about 15 moderate Democrats to the White House today to make his case for the new department and see if there might be grounds for compromise. Participants said the president clearly did not want to see a party-line vote on homeland security later this week, but did not back off his forceful case for "management flexibility" that would ease civil service rules for department employees.

The Democrats' threats may be little more than a warning to Republicans not to shut them out of floor debate this week. Several members said the number of amendments that Republicans allow Democrats to propose will determine whether a majority of Democrats vote for the department. If the Republicans strictly limit the ability of Democrats to remove the provisions they dislike, the Homeland Security Department could suddenly become a partisan issue, just a few weeks after members of both parties praised President Bush for proposing it.

Even if Democrats get to vote on restricting civil service protections and extending the deadline for baggage screening but fail to change the bill, several say they will still vote against creation of the department.

"In the end," Representative Chet Edwards, Democrat of Texas, said, "I still think most Democrats will vote for it, but it's a shame that all these partisan issues have been injected that will force some members to vote against it. These civil service protections are crucial to so many people. You don't want an administration coming in and laying off Homeland Security employees because they disagree with their political leanings."

Republican leaders have already made it clear that they will pounce on any member who votes against creating the department. On Friday, after all four Democrats on a special House panel voted against the department for many of the same reasons, Representative Tom DeLay of Texas, the Republican whip, quickly accused them of cowering to Democratic special interests, like unions.

Concerned that Republicans will make a vote against the bill an issue in November races, some Democratic leaders are working behind the scenes on compromises. Representative Jane Harman, a California Democrat who supported a new department long before Mr. Bush did, said it would be "very harmful" to the department and to the nation if her party rejected the antiterrorism agency.

Ms. Harman and Representative Ellen O. Tauscher, another California Democrat who attended today's meeting, proposed a compromise on the baggage screening deadline, suggesting that if the dates for some security measures, like armor-plating cockpit doors, were advanced, it might be possible to move back the date for explosives screening.

The House Rules Committee is scheduled to decide by late Wednesday which amendments will be allowed. Republican leaders said today that they would work with Representative Richard A. Gephardt, the Democratic leader, to allow some Democratic amendments to be proposed, and Representative Dick Armey of Texas, the majority leader, said the debate might even extend into Friday.
***************************
Computerworld
Report urges states to organize against cyberterror


The National Association of State Chief Information Officers (NASCIO) today issued a report urging government leaders in all 50 states to set aside political differences and make cybersecurity and critical-infrastructure protection a top priority.

The report, "Public-Sector Information Security: A Call to Action for Public-Sector CIOs" (http://endowment.pwcglobal.com/pdfs/HeimanReport.pdf), was funded by the Arlington, Va.-based PricewaterhouseCoopers Endowment for the Business of Government and builds upon lessons learned during a conference on emerging cyberthreats attended by state officials in November.

"Government leaders must set aside the federated cultures that foster agency autonomy and 'my turf' thinking," wrote Don Heiman, the author of the report and the former CIO of the state of Kansas. "More than anything else, this report is a call to action, written with a sense of urgency and dedicated to the victims and families of the September 11th attacks on America."

The report specifically outlines 10 recommendations for state government officials that the NASCIO and experts from PricewaterhouseCoopers said lay the foundation for state governments to begin organizing and planning for a future nationwide information-sharing network for first-responders and cybersecurity officials.

However, one of the key recommendations calls for the states and the federal government to fund the establishment of an interstate information-sharing and analysis center (ISAC) similar to the series of private-sector ISACs established by the federal government to detect and warn of significant cyberthreats. According to the report, "It is very common for small- and medium-sized states to see 4,500 intrusion attempts per week." But many state governments lack both the money to establish their own ISACs and the personnel with the IT security expertise to properly defend against such cyberattacks.

Interstate ISACs "could provide these skills and aggregate state incident data to support national strategic cybersecurity planning," the report states.

That's one of the highlights of the report's conclusions, said Richard Webb, managing director of PricewaterhouseCoopers' digital tech practice and the former CIO of the state of North Carolina. However, before a national information-sharing and analysis architecture can be put in place -- something that officials from the President's Critical Infrastructure Protection Board have called upon the states to assist with -- the states have to agree on a common road map, said Webb.

"The 50 states are all organized in different ways," said Webb. "This puts a framework in place so that we can open up information-sharing across public boundaries. Everybody's a player in this. But this is a first step to put together a framework for state and local governments to organize."

The report also urges state legislators to pass laws that would protect sensitive state government information that is shared across state boundaries with other state governments, the federal government and the private sector from inadvertent disclosure.

"Sharing will not occur unless there is an assurance of confidentiality against state open records/sunshine laws and the federal Freedom of Information Act," the report concludes. "Interstate sharing has been limited because states fear that their security activities could become a part of another state's open records when information is shared across state boundary lines or with local or federal units of government."

A similar proposal to amend the Freedom of Information Act has been tied up in Congress for more than a year.
**********************
Associated Press
Experts Speak on Cyberterrorism
Wed Jul 24, 6:04 AM ET
By TED BRIDIS, Associated Press Writer


WASHINGTON (AP) - Experts in computer security, emboldened since Sept. 11 by renewed attention to threats of cyber-terrorism, are asking Congress for protections from liability lawsuits, antitrust restrictions and public disclosure laws as companies begin sharing more sensitive information about Internet attacks.



In stark testimony prepared for a hearing today by the Government Reform subcommittee on government efficiency, some of these experts described the risks that foreign hackers one day soon may attack the computerized systems controlling the nation's electrical or water networks.

"Today, some say it would be easier for a terrorist to attack a dam by hacking into its command-and-control computer network than it would be to obtain and deliver the tons of explosives needed to blow it up," said Stanley "Stash" Jarocki, who heads a threat-warning network established by some of the country's largest financial institutions. "Even more frightening, such destruction can be launched remotely, either from the safety of the terrorist's living room, or their hideout cave."

Another expert, Joseph M. Weiss of KEMA Consulting, complained that not enough has been done in the months after the Sept. 11 terror attacks to buttress cyber-security, while the government's primary focus has been to improve physical security around buildings, airports and other facilities.

These experts said that even as new vulnerabilities are discovered in modern technology, companies increasingly are connecting vital systems via the Internet because of cost-savings and efficiency.

"Companies have the capacity to manage their infrastructure with never-before-seen ease," said Marc Maiffret, the co-founder of eEye Digital Security Inc., which sells security software. "Fifteen field offices can be managed from one central location."

Maiffret said this newfound convenience presents unprecedented risks. "The attack would be able to take advantage of the functionality ... to seize control of a power plant, a water treatment plant, a dam or even an amusement park," he said. Maiffret recommended all employees within companies that operate important systems undergo background checks -- in some cases as rigorous as ones needed for government clearances.

But Maiffret added that this threat largely remains a distant one. "Terrorists are only recently starting to realize the benefits of having people within their organizations that have real hacking skills."

Douglas Thomas, an associate professor of communication at the University of Southern California, agreed that while the U.S. government needs to pay attention to these threats, media reports often exaggerate the risks. "Cyber-terrorism is a lot more difficult than many people assume."

Jarocki, the security expert for banks, urged the panel to approve new legislative protections for companies willing to share information among themselves and with government. He said new rules are needed, similar to Y2K liability protections, when customers were prohibited from suing a company if it could demonstrate that it made good-faith efforts to keep its computers running safely.

"The sharing of information may lead to liability lawsuits against the company or its officers and directors," Jarocki said. "The chilling effect of potential liability lawsuits on voluntary speech cannot be underestimated."

He also asked for exemptions under antitrust laws to protect companies from sharing information about Internet attacks among competitors, and for exemptions under the U.S. Freedom of Information Act to protect any disclosures companies might make to government agencies about attacks.

Another expert, Alan Paller of the SANS Institute, recommended that Congress require all federal agencies to measure the security of their computers against minimum requirements. He also said that experts hired to identify weaknesses in computer networks should make the necessary changes to fix any such problems.
***********************
Federal Computer Week
Cybercorps to extend to states



The White House's national strategy to protect cyberspace, scheduled for release in September, will contain a provision that extends a federal scholarship-for-service program to the state level, said Richard Clarke, cybersecurity adviser to President Bush.


The Federal Cyber Service program provides scholarships to undergraduate and graduate students studying computer security in exchange for two years of federal service. The first group of students is nearly finished with their first year in the program.

Six universities -- the University of Tulsa, Carnegie Mellon University, the Naval Postgraduate University, Iowa State University, the University of Idaho and Purdue University -- have received scholarship money. Currently, 66 students ages 22 to 64 participate in the program.

The cybercorps is important because the government does not have enough trained experts to protect federal systems, Clarke said, speaking July 22 at the 2002 Cyber Corps Symposium at the University of Tulsa. "We will fight a future cyberwar," Clarke said. "Right now we are not in good shape." The nation is dependent on cyberspace, which opens up vulnerabilities that need to be fixed, he said.

Recognizing that state and local agencies also need trained professionals to protect their networks, the cybersecurity strategy "calls upon state governments to create a state cybercorps," Clarke said.

Clarke would not reveal additional details of the cybersecurity strategy.

The Cyber Service program is scheduled to get a boost from the emergency supplemental funding bill scheduled for a vote in Congress this week. The bill contains $19 million to expand the Cyber Service program, Clarke said. "The president thought this was an emergency."

If the provision remains in the bill, the program would be extended to four additional schools in September.
****************************
Federal Computer Week
Global NMCI nerve center picked


After an extensive search, the Navy and EDS have decided that the Navy Marine Corps Intranet nerve center will remain at the existing network operations center in Norfolk, Va.

The global network operations center was originally to be located at the Marine base at Quantico, Va., but no space was available there, so the Navy has been searching for a site.

NMCI's four network operations centers provide mission-critical services for the Navy's new enterprise network, such as network management and monitoring, help-desk support, user administration and information assurance.

Under the Navy's NMCI contract, the Navy provides the site for the network operations centers but EDS provides everything else.

EDS has already constructed three network operations centers: the Naval Station in Norfolk, Va., the Naval Air Station North Island in Coronado, Calif., and Ford Island in Oahu, Hawaii.

The Navy and EDS are still scouting sites for the fourth center. They are still considering placing the fourth center at Quantico, if possible, said NMCI spokeswoman Jennifer McGraw.

Part of the reason for housing the global center in Norfolk is that it will be near the Navy's new Naval Network Warfare Command, which is responsible for all the service's information technology networks, information operations and space requirements, McGraw said.

The global center will be a focal point for computer network defense.

EDS' original plan was to build six network operations centers with centers at Naval Station Bremerton, near Seattle, and Naval Air Station Jacksonville in Florida. Those facilities will be transformed into server farms that, if necessary, could be transformed into network operations centers, EDS officials have said.

The NOCs provide mission-critical services for the Navy's new EDS-owned network, such as network management and monitoring, help-desk support, user administration and information assurance.

Capt. Chris Christopher, deputy program executive officer for information technology at the Navy Department, noted that NMCI is a contract for a service. Therefore, the Navy does not dictate to EDS how to provide that service but has instead established service levels that EDS must meet. EDS then decides how best to meet those service levels.
**********************
Mercury News
Judge orders alleged cybersquatter to shut down anti-abortion Web sites


MINNEAPOLIS (AP) - A federal judge has ordered a South St. Paul man to shut down his anti-abortion Web sites with domain names that are confusingly similar to the trademarked names of some of the nation's best known companies.

U.S. District Judge Ann D. Montgomery issued a temporary restraining order Tuesday against William S. Purdy Sr. on behalf of McDonald's Corp., PepsiCo Inc., Coca-Cola Co., The Washington Post Co. and Washingtonpost.newsweekInteractive Co.

She ordered Purdy to immediately shut down his Web sites with the confusing names and transfer their ownership to the appropriate companies.

Montgomery also ordered Purdy not to create any more Web sites with names similar to trademarked names owned by the companies and that don't alert Internet users to the nature of the Web site's content within the domain name.

Purdy said Tuesday that he'll appeal the injunction. He said he is buying addresses like bloodycoca-cola.com or pepsideathmills.com to continue his anti-abortion protest.

Purdy, who represented himself, argued that the companies don't like what he has to say and that the issue is one of free speech. He has said that he opposes the Post's abortion rights editorial position and Coke's contributions to Planned Parenthood. He said it was impossible to criticize a company without using its name.

Most of the sites, which divert traffic to anti-abortion Web sites, were set up July 4. The sites contain disclaimers and graphic images of aborted fetuses.
*************************
Chronicle of Higher Education
After Complaint, U. of Southern Maine Debates Reviewing All Distance-Education Materials
By SCOTT CARLSON


Some faculty members at the University of Southern Maine are furious about a faculty committee's proposal to require that videotapes and other materials for distance-education courses be reviewed by the university before the materials are used in class.

The four-member faculty committee was formed after a distance-education student was offended by a tenured professor's remarks in a videotaped lecture. John Broida, the professor of psychology in the middle of the case, is known by his colleagues to be a provocative lecturer. In the videotaped lecture, made while teaching students about intelligence tests, he said: "Do you know that on average blacks have a lower IQ than whites? Yes, have you noticed that? It's true."

After a student complained about Mr. Broida's remarks, the university administration set up the committee to study diversity issues related to distance learning and then make recommendations. Among the recommendations was the assertion that statements on course tapes "reflect the quality and integrity of the individual making the statements and the institution issuing the statements."

The report urges the university's distance-education committee to "examine whether a procedure should be developed for assessing the accuracy and integrity of such statements prior to their release to the public."

As part of the controversy, one of Mr. Broida's summer courses was cancelled. He has filed a grievance with the university.

Members of the university's faculty union, which has stood behind Mr. Broida and has hired a lawyer for him, have been irked by the committee's recommendations. "The idea of having a committee censor a videotape that's used in distance-ed is the most contentious piece of this committee," says Donald F. Anspach, an associate professor of sociology who is co-president of the faculty union. "We believe that's clearly a violation of academic freedom, because that's about telling us what we can teach."

Bob Caswell, the university's spokesman, says that administrators will meet with faculty members in the fall to review the recommendations. He says that administrators haven't discussed in detail the recommendation to screen the tapes. "We will maintain a commitment to academic freedom," he says.
*************************
News.com
MSN TV prank creating "emergencies"



By Robert Lemos Staff Writer, CNET News.com July 23, 2002, 2:15 PM PT


MSN TV users are inadvertently calling emergency services after falling prey to a prank program that changes the daily dialup number on their set-top boxes to 911.

The program arrives in an e-mail message with the subject line "NEAT" and has been plaguing users since at least April, according to posts on newsgroups regarding WebTV, the former moniker for Microsoft's interactive TV service.


"When my mother tried to log on to WebTV, it started to dial 911," said one woman in a newsgroup post. "She shut it off but we got a call from the police department anyway checking to see if anything was wrong."


"One lady in her group ended up with the sheriff knocking at her door," the woman wrote.


The prank is not the first time that a malicious program has been used to call 911. In April 2000, the National Infrastructure Protection Center warned that a computer virus was causing infected PCs to dial emergency services.

Many users have called the MSN TV program a virus, and it's not readily clear if it can spread on its own. One site claims that it will send itself out to others using the MSN TV box's e-mail system, but the report is unconfirmed.

A Microsoft Network spokesperson said the program has not had a wide effect on the company's customers. "Apparently it was an isolated incident and it affected only a handful of customers," the representative said.

The representative said a patch will be issued later today in response to the 911 attachment. "This should take care of the issue, so other MSN TV customers won't have to worry about it," the representative said.

Many details of the program are still unclear, but according to an MSN TV-related Web site known as Diane's News Source, the prank code also changes fonts and other MSN TV settings. The messages carrying the prank program can come from many sources, including people that you seem to know and sometimes arrive with subject lines other than "NEAT."
**********************
Federal Computer Week
Roster change Federal Government


Brian Burns has been appointed as the chief information officer for the Bureau of Indian Affairs. He formerly was the deputy assistant secretary for information resources management and the deputy information officer at the Department of Health and Human Services.

"I depend on the chief information officer to keep the BIA's computer network well-maintained and secure for our employees and service beneficiaries," said Neal McCaleb, assistant secretary for Indian affairs at the Interior Department, in announcing Burns' appointment July 19.

While at HHS, Burns oversaw the department's enterprise information technology investment strategy, architecture and the security of about $3.5 billion annually across 12 agencies, including the Indian Health Service, the Centers for Disease Control and Prevention, the Centers for Medicare and Medicaid Services, the Food and Drug Administration, the National Institutes of Health and the Office of the Secretary. He directed daily IT operations for the Office of the Secretary and oversaw HHS' Year 2000 conversion.

***

John Magaw is leaving the fledgling Transportation Security Administration, just six months after taking the helm. Transportation Secretary Norman Mineta accepted Magaw's resignation July 18 as undersecretary of transportation for security.

James Loy will take over the position. Upon his retirement as commandant of the Coast Guard in May, Loy was named deputy undersecretary and chief operating officer at TSA.

For more, see "TSA chief resigns from agency"{/fcw/articles/2002/0715/web-magaw-07-19-02.asp}.

***

David McClure, the General Accounting Office's director of IT management issues, will be leaving GAO in August to join the Council for Excellence in Government as vice president for electronic government.

In his new role, McClure will be the strategic lead for the council's e-government efforts and will help expand its intergovernmental partnerships. He also will work on shaping its e-government fellows program, a leadership development initiative for government IT managers.

For more, see "IT watchdog leaving GAO"{/fcw/articles/2002/0715/web-gao-07-19-02.asp}.

***

Rick Rosenburg, who has been EDS' program executive for the Navy Marine Corps Intranet since December 1999, has been promoted to lead the development and implementation of enterprisewide efforts for other government clients.

He will be succeeded by Bill Richard, a 22-year EDS veteran and formerly enterprise client executive for EDS' business with Continental Airlines Inc.

For more, see "EDS changes NMCI leadership"{/fcw/articles/2002/0722/web-eds-07-22-02.asp}.

***

Linda Massaro, director of the Office of Information and Resource Management and chief information officer at the National Science Foundation, left the agency for a two-year detail to the IRM College at the National Defense University.

Massaro joined NSF in 1996 after several years at the State and Agriculture departments. She started her federal service with more than a decade of experience at the Navy and Marine Corps.

Nathaniel Pitts, previously director of NSF's Office of Integrative Activities, took over Massaro's duties in an acting capacity July 15.

***

President Bush announced July 17 that he intends to nominate Marion Blakey to be administrator of the Federal Aviation Administration for a five-year term.

Blakey has served as chairwoman of the National Transportation Safety Board since her confirmation by the Senate in September 2001. She has a long record of government service. From 1992 to 1993, she served as the administrator of the Transportation Department's National Highway Traffic Safety Administration. She has also held positions in the departments of Commerce and Education, the National Endowment for the Humanities and the White House.

***

Richard Arnold has been named director of training solutions at Unitech Inc., the company announced July 17.

Arnold will help to enhance Unitech's portfolio of training and simulation offerings, as well as assist government customers with developing training strategies, implementation plans and performance metrics to meet their organizational missions and objectives.

Arnold previously served for 20 years with the Coast Guard, most recently as the training officer of its training center in Petaluma, Calif. There, he was responsible for directing one of the service's largest vocational training programs. Among other accomplishments, he restructured training systems to support the increased demand for law enforcement professionals to fill homeland security-related jobs. He also led an advanced distributed learning initiative that converted courses taught at a major Coast Guard school to computer and Web-based training.

***

Transportation Department Secretary Norman Mineta announced July 19 the selection of federal security directors for 24 airports who will also assume responsibility for an additional 40 airports.

* Fred Lau, Metropolitan Oakland International Airport, Calif.: Lau has served more than 30 years with the San Francisco police department where his last assignment was as chief of police. He also will assume responsibilities at the Stockton, Calif., Metropolitan Airport.

* Richard Fought, Durango/LaPlata County Airport, Colo.: Fought served as a senior instructor for the Arkansas Law Enforcement Training Academy. He also will assume responsibilities at airports in Alamosa and Cortez, Colo., and Farmington, N.M.

* Rene Dhenin, Grand Junction-Walker Field Airport, Colo.: Dhenin last served as a supervisory special agent with the Transportation Security Administration's security field office in Denver where he oversaw security operations for airports in Colorado and Wyoming. He also will assume responsibilities at the Gunnison County Airport, the Montrose County Airport and the Telluride Regional Airport, all in Colorado.

* Douglas Perkins, Southwest Florida International Airport, Fort Myers, Fla.: Perkins has worked for the Federal Aviation Administration for more than 19 years, most recently as the manager of the Mission and Requirements Analysis Division. He will also assume responsibilities for the Naples, Fla., Municipal Airport.

* Frank Capello, Sarasota Bradenton International Airport, Fla.: Capello served more than 23 years with the FAA, most recently as the federal security manager at the Miami International Airport. He will also assume responsibilities at the St. Petersburg-Clearwater International Airport in Clearwater, Fla.

* Quinten Johnson, Tallahassee Regional Airport, Fla.: Johnson has 28 years of transportation safety and security experience, most recently serving as the director of the FAA's Office of Security Policy and Planning. He will also assume responsibilities at airports in Dothan, Ala., and Albany and Valdosta, Ga.

* Timothy Brooks, West Palm Beach International Airport, Fla.: Brooks recently retired from the Marine Corps. His last assignment was as commanding officer of the Marine Expeditionary Force Headquarters Group in Camp Pendleton, Calif.

* David Chovancek, Bloomington-Normal Airport, Ill.: Chovancek served more than 14 years in military intelligence for the Army, including counterintelligence and counterterrorism operations. He will also assume responsibilities at the University of Illinois-Willard Airport in Savoy, Ill.

* Terry Burgess, Cincinnati/Northern Kentucky International Airport, Ky.: Burgess last worked for Continental Airlines, where he served as the principal security inspector and the primary liaison to the federal government for aviation security.

* Lanny Miller, Bluegrass Airport, Lexington, Ky.: Miller recently worked in TSA's Security Liaison Division. He previously worked for the U.S. Postal Service, and since 1991, he supervised all criminal investigations conducted by postal inspectors in the Eastern Kentucky Federal Judicial District.

* Robert Besal, New Orleans International Airport, La.: Besal recently retired from the Navy and most recently served as commander of the Operational Test and Evaluation Force.

* Ellis Brumbaugh, Cherry Capital Airport, Traverse City, Mich.: Brumbaugh, a former colonel in the Army National Guard, is a retired detective with more than 15 years' experience with the Ingram County, Mich., sheriff's department. He also will assume responsibilities at airports in Alpena, Sault Ste. Marie, Manistee and Pellston, Mich.

* William Switzer, Lambert-St. Louis International Airport, Mo.: Switzer, a former Navy pilot, most recently served as a technical director in the Systems Engineering Group of the Anteon International Corp.

* Michael Kudlacz, Eppley Airfield, Omaha, Neb.: Kudlacz is a former major general in the Air Force. His last assignment was in the Defense Threat Reduction Agency as the director of on-site inspection. He will also assume responsibilities at the Sioux Gateway Airport in Sioux City, Iowa, and the Karl Stefan Memorial Airport in Norfolk, Neb.

* Vincent Amoresano, Atlantic City International Airport, N.J.: Amoresano is the former chief of police for the Paterson, N.J., Police Department, where he served for more than 27 years. He also will assume responsibilities at the Salisbury/Wicomico County Regional Airport in Salisbury, Md., and the Trenton-Mercer Airport in Trenton, N.J.

* Jerome Witt, James M. Cox Dayton International Airport, Ohio: Witt has more than 29 years of law enforcement experience, including serving as an international police monitor for the State Department in Yugoslavia.

* William Hice, Rogue Valley International-Medford Airport, Ore.: Hice has worked in aviation security for 11 years, most recently as the supervisory special agent for 15 airports throughout Montana and Washington. He also will assume responsibilities at the Klamath Falls Airport.

* James Golden, Philadelphia International Airport, Pa.: Golden has worked in law enforcement for more than 30 years and most recently served as director of the Trenton, N.J., Police Department.

* Joseph Salter, T.F. Green State Airport, Providence, R.I.: Salter has served in several airport and transportation security and emergency operations positions. He also will assume responsibilities at airports in Hyannis, Provincetown, Vineyard Haven and Nantucket, Mass.

* Mike Tarman, Greenville-Spartanburg Airport, S.C.: Tarman, a retired Army colonel, most recently served as a bureau administrator for the Arizona Department of Corrections. He will also assume responsibilities at the Asheville Regional Airport in Fletcher, N.C.

* Charles Brockman, McGhee Tyson Airport, Alcoa, Tenn.: Brockman has worked for the FAA for more than 16 years, most recently as the manager of the Nashville Security Field Office responsible for operational support and oversight of civil aviation security for 17 airports in the region. He also will assume responsibilities at the Chattanooga Metropolitan Airport and the Tri-Cities Regional Airport in Blountville, Tenn.

* George Harkness, Burlington International Airport, Vt.: Harkness is a former Navy commander whose last assignment was at the Naval Sea Systems Command, Washington, D.C. Most recently, Harkness worked in law enforcement with the Dublin, Ohio, Police Department. He also will assume responsibilities at the Lebanon, N.H., Municipal Airport, the Clinton County Airport in Plattsburgh, N.Y., and the Rutland State Airport, Vt.

* Robert Schnekel, Roanoke Regional Airport, Va.: Schnekel, a former special agent with the Army, most recently served in the Treasury Department as a senior adviser for terrorism and violent crime. He will also assume responsibilities for airports in Bluefield, Lewisburg and Raleigh, W.Va.

* David Kuper, Spokane International Airport, Wash.: Kuper works for the FAA as a security program manager. In the past, Kuper worked on the design of security systems for Denver International Airport. He will also assume responsibilities for airports in Lewiston, Idaho, and Moses Lake, East Wenatchee and Pullman, Wash.
***************************
Federal Computer Week
Treasury shrinks IT staff


The Treasury Department is cutting about 40 percent of the information technology jobs on its staff (about 75 jobs) and realigning the workforce.

The goal is to get rid of redundancies as part of an overall strategy to outsource more management functions, according to acting chief information officer Mayi Canales.

In the coming months, the CIO's staff will be cut from about 200 employees to about 125. The timing depends on human resources and finding new jobs for those whose positions will be eliminated.

"I'm cutting. I'm streamlining staff and improving performance and...aligning staff more with a business function," Canales said in an interview with Federal Computer Week July 15. "I'm getting ready to go more for managed services, less and less internal management, and more and more external management."

Canales is working to find jobs for the cut workers in other agencies or other areas of Treasury. Some people will be assigned to special details that may lead to job offers, she said.

"We'll keep them in special projects and help them until they get somebody," Canales said.

In analyzing her staff, Canales said she looked strictly at the functions of every job and determined that there were redundancies or other ways of doing the work.

For example, she said four people were handling workforce issues. But employees can get their own information from various IT sources, such as HR Connect, the department's online human resources system, or e-learning programs that help train workers for new jobs.

"Employees can do this for themselves," she said. "I don't have the dollars to spend on four people."

With a yearly IT budget of about $3.4 billion, Canales wants to invest in functions that will help build Treasury's technology infrastructure and not fund those that don't.

Similar scenarios could arise across government as agencies try to stretch funds and avoid duplication and redundancies.

"The rest of the government is under directive from [the Office of Management and Budget] to cut back and reduce the number of federal jobs, open them up to the private sector," said a spokesman for the National Treasury Employees Union.

Under President Bush's plan, 170,000 federal jobs would be moved to the proposed Homeland Security Department. IT workers are already moving to the new Transportation Security Administration, which would be part of the department.

"While not tempting people to leave any particular agency to join TSA, I am always open to folks with the right credentials to come and help us achieve our aggressive mission objectives," said Patrick Schambach, CIO at TSA. "I already have some folks that came out of Treasury."

Nevertheless, the CIO Council's Workforce and Human Capital for IT Committee predicts a shortage of IT workers, according to Ira Hobbs, co-chairman of the committee. "It will lead us to not having enough folks with an IT perspective," he said.
***************************
Government Computer News
EPA moves forward on PeopleSoft implementations


By Patricia Daukantas
GCN Staff

The Environmental Protection Agency recently passed the one-year anniversary of its PeopleSoft 7 human resources application, and the agency is working on upgrading the HR module to the Web Version 8.3.

EPA's target date is July 2003 for rolling out the HR, time and labor, and payroll modules from PeopleSoft Inc., said Robert Thorlakson, EPA's human resource functional staff director. He spoke yesterday at a Washington conference sponsored by the Pleasanton, Calif., company.

Even with 13 remote locations, the entire agency was able to go live with PeopleSoft 7's human resources module on the same date, last July 1, Thorlakson said.

EPA used PeopleSoft's own support staff instead of a third-party integrator to install the client-server PeopleSoft 7 module, he said. His staff sent a snapshot of the agency's production system to the PeopleSoft laboratory in April to help with the customization of Version 8.3.

Just having the personnel data online should increase data integrity, Thorlakson said. EPA's 18,000 employees will be able to check their own accounts and make a limited number of alterations, such as routine address changes and records of on-the-job training.

"People just don't update their education" in their paper personnel files, he added.

Going live last year with PeopleSoft 7 decreased personnel transaction processing time by 50 percent. Thorlakson said he expects that the change to the browser-based Version 8.3 will increase productivity even further.
***************************
Government Executive
Pentagon gives up part of airwaves for wireless industry


By Teri Rucker, National Journal's Technology Daily


Federal agencies charged with overseeing the nation's airwaves have found a way to move government spectrum users to make 90 megahertz available to the wireless industry by 2008, government officials said Tuesday during a press conference. As part of the plan, the Bush administration on Tuesday submitted to Congress legislative language that would create a trust fund to reimburse government users that must move.


The National Telecommunications and Information Administration (NTIA) and the FCC completed a viability assessment that found 45 MHz of spectrum each in the 1710 to 1770 MHz bands and the 2110 to 2170 MHz bands that could be made available without disrupting communications systems critical to national security.

The industry has been lobbying Congress and the administration to make spectrum in those bands available but found formidable opposition within the Defense Department. The Pentagon insisted that comparable spectrum be found for reallocation, that the costs to move be covered and that security operations not be interrupted.

Steven Price, deputy assistant Defense secretary, praised the proposal, noting that "military capabilities will not be degraded because [Defense] is gaining access to comparable spectrum where needed, receiving cost reimbursement and being afforded time to adjust to our operations."

The Commerce Department, which oversees NTIA, sent draft legislation that would create a trust fund for reimbursing incumbent government users for the cost of moving to different spectrum.

NTIA Director Nancy Victory said she is optimistic that Congress will pass the legislation before it adjourns for the year, noting that there is bipartisan support for the proposal, although sponsors have not yet been found.

Senate Commerce Committee Chairman Ernest (Fritz) Hollings, D-S.C., and Sen. Daniel Inouye, D-Hawaii, issued a joint statement lauding the resolution to the spectrum question. The lawmakers said they soon would introduce legislation that addresses "a number of spectrum-management issues, including the reimbursement of government users when they are required to relocate." A spokesman for Hollings noted that Hollings would craft his own bill.

While Rep. Edward Markey, D-Mass., supports allocating additional spectrum for the industry, "it is a tall order to expect Congress to legislate on this before adjournment," said Colin Crowell, an adviser to Markey.

"There is a general consensus that more spectrum is better than less spectrum, but the details need airing," Crowell said, noting that Markey would push for inclusion of his legislation that would create grants out of spectrum-auction proceeds to fund educational and other programs, and to digitize library and museum content.

"This is a package deal," Price said. All agencies must meet their obligations, from assessing the cost to vacate spectrum to the FCC promulgating rules for spectrum allocation and auctioning it, to Congress approving the trust fund. "If they don't do it," he said, "we don't move."

Officials expect the FCC to be able to auction the spectrum by 2004 or 2005 (it must be cleared by 2008), but it could happen earlier, depending on how quickly the process moves, they said.
*****************************
Government Executive
New site offers free online courses for federal workers
By Brian Friel
bfriel@xxxxxxxxxxx


Federal workers can take free online courses on about 30 subjects ranging from project management to coping with stress through a government-sponsored Web site that debuted Tuesday.


At a press briefing in Washington, officials from the Office of Personnel Management and Office of Management and Budget unveiled the Gov Online Learning Center at www.golearn.gov. Federal employees can take the courses, which take from two hours to eight hours to complete, at no charge to themselves or their agencies.



The launch of the Web site is the first step in the Bush administration's plan to make the Gov Online Learning Center a "one-stop" shop for e-training in the federal government. The learning center is one of the 24 major initiatives that the Bush administration is sponsoring as part of its e-government strategy.



Mark Forman, associate director for information technology and e-government at OMB, said the site would eliminate redundant online learning systems in various agencies, lowering the cost of courses through economies of scale. But Forman and officials from OPM either did not want to divulge, or did not know, the cost of the learning center so far.



OPM and the Transportation Administrative Services Center run the site. The administrative center, which is a fee-for-service operation at the Transportation Department, awarded a contract for a learning management system last month to GeoLearning, a West Des Moines, Iowa-based firm. The learning management system serves as the backbone of the site, handling student registration, course management and tracking.



Three companies will provide the courses. They are Nashua, N.H.-based SkillSoft, Naperville, Ill.-based NetG and San Antonio-based Karta Technologies.



While the site will offer a limited number of free courses, OPM and the Transportation center will start charging agencies for additional courses and services later this year.



Many other agencies have already set up online universities and e-learning sites. The National Security Agency and the Treasury Department's Franchise Business Activity, for example, run an e-learning site called FasTrac that 56 agencies use to access courses from the same three companies that the OPM and Transportation site uses.



Forman said that several agencies have already begun to develop migration plans for moving from their own online learning programs to the Gov Online Learning Center site. Other agencies have resisted the effort, he said. Asked about the NSA site during Tuesday's briefing, Forman said, "It's a core competency issue, isn't it?"



The Bush administration is not requiring that agencies drop their existing training programs, however, and officials say that the Gov Online Learning Center will complement many of the programs already in existence, while eliminating some redundant efforts.



Free courses available on the new site include "Emotional Intelligence at Work," "Foundations of Grammar," "Management Skills for the Diverse Workforce," "Leading through Change," and "MS Word 2000 Fundamentals."
****************************
Washington Post
Executives Advised to Take Role in Internet Security
By Ellen McCarthy


Internet security issues need to be addressed in boardrooms and executive suites, not just data centers and network storage closets. That's the message one industry organization is trying to convey by targeting the upper echelon of management with a guide on how to ward off potential threats.

The guide, to be released today by the Internet Security Alliance, recommends that executives adopt 10 key practices in order to protect their organizations' vulnerable networks and content.

The Arlington-based alliance is the joint effort of Carnegie Mellon University's Software Engineering Institute, the institute's CERT Coordination Center and the Electronics Industries Alliance.

"We've been dealing over the years with a lot of security incidents, and typically we get the reports from the technical people, not the executives. Often they feel they are not getting the support that they need from the management," said Richard D. Pethia, director of CERT, formerly known as the Computer Emergency Response Team.

"There has been an attitude across government and management that this is a technical issue and technicians should be able to deal with it."

The guide, which will be available on the alliance's Web site (www.isalliance.org), suggests that senior managers identify the security risks within their organizations, create specific policies to address the problems, provide necessary funding to implement and maintain security measures, and make users accountable for their actions. Other recommendations include the use of system-monitoring tools, development of emergency recovery plans and the regulation of access to key physical assets.

The guidelines are based on a study of current security practices used by the alliance's members and CERT research on management policy issues. The founders say they hope the guide will serve as an outline of crucial steps for all organizations, regardless of size or industry, Pethia said.

Last week, the Center for Internet Security released a set of security standards and software that draws from the expertise of several government agencies, including the Pentagon and the National Security Agency.

Pethia said that as executives realize how much financial risk is associated with potential security breaches, they have become more interested in ways to prevent them.

"The awareness is really growing and has grown. Senior management is now paying attention, but we need to help them move beyond awareness and into understanding," Pethia said.

"The pain level [from network attacks] is going up. We haven't had the big Pearl Harbor, but we have incidents every day. Right now we're suffering death by a million paper cuts."
************************
Washington Post
ICANN Forefather Wants More Democratic Internet Governance
By David McGuire


Public participation may be messy, but the organization that manages the Internet's addressing system must give ordinary Internet users more say in its decisions, one of the men responsible for creating the domain-name management body said today.

"Expediency doesn't justify a lack of democratization," said Ira Magaziner, former senior adviser to President Clinton for policy development.

Magaziner, who set in motion the creation -- and U.S. Government recognition -- of the Internet Corporation for Assigned Names and Numbers (ICANN), made a rare public appearance today at a Cato Institute forum on Internet governance. Magaziner currently works for private consulting firm SJS Advisors.

ICANN manages the Domain Name System (DNS) under a series of agreements with the U.S. government. Those agreements are up for renewal in September.

When ICANN was established, Magaziner and others involved with the process expected that the body would quickly adopt policies to establish public participation, Magaziner said.

"I remain disappointed that that has not happened in the ways I would have hoped," Magaziner said, adding that if he were still in a position of power over ICANN, he would lean on the body to increase democratic participation.

"I do think [ICANN] could use some external force now that would require it to rethink and reform in a democratic direction," Magaziner said.

ICANN has embarked on an internal reform plan, but that plan abandons a structure that would have allowed ordinary Internet users to elect a portion of the ICANN board. ICANN President Stuart Lynn has openly criticized online elections, and has said that ICANN is not an "exercise in global democracy."

Magaziner said that while he has not been closely following ICANN's reform effort, he would disapprove of a plan that abandoned democratic involvement from individuals and non-governmental organizations (NGOs).

"I think there needs to be a broader representation of consumers and NGOs than now exists," Magaziner said.

But Joe Sims, ICANN's outside attorney, said Magaziner is too far removed from the ICANN process to see the problems the organization has had with online elections and the steps it has taken to include public voices in its processes.

"We spent three years throwing time and energy down the direct election rat-hole," Sims said. "I think if Ira was more knowledgeable about [ICANN's recent history] he would have been more generous in his comments."

In 2000, ICANN's sole attempt to hold global online elections resulted in the appointment of five board members (a minority on ICANN's 19-member board) to serve five global regions. Two of those elected members have been among ICANN's staunchest critics.

Lynn has argued that Internet elections -- the only sort ICANN can reasonably afford -- are dangerous and subject to capture by special interest groups.

Sims said ICANN's reform proposal, which calls for an internally selected nominating committee to choose most of the ICANN board, addresses concerns surrounding public representation without falling into the pitfalls of direct elections.

Magaziner said while he did not think ICANN should become a full-fledged global democracy modeled on the United Nations, it also should avoid becoming too autocratic.

"A U.N. process would be too slow," he said. "On the other hand, to say that a small group of people, whoever they are, can make decisions without democratic processes goes too far the other way."

"I know [democratic processes] make it a less tidy process, but you need it," he said.

Magaziner stopped short, however, of endorsing a proposal put forth by some of today's speakers that would call for the Commerce Department to re-bid the agreements under which ICANN operates the DNS.

"I'd hate to go back to where we were" before ICANN was created, Magaziner said.
***************************
Washington Post
Bush Admin. Unveils Wireless Plan
By Matt Kelley


WASHINGTON -- The Pentagon has agreed to shift some military communications to other frequencies, freeing up space in the airwaves for advanced mobile phones and other wireless gadgets, the Bush administration announced Tuesday.

The plan is a victory for telecommunications companies that want a bigger piece of the airwaves to offer enhanced services such as streaming video and high-speed internet access to phones, handheld computers and other mobile devices.

The Defense Department had balked at giving up any of the frequencies it uses for military purposes, such as controlling satellites and guiding precision weapons.

Under the plan announced Tuesday, the Pentagon would give up two chunks of the spectrum, moving its uses to other frequencies by the end of 2008. The wireless companies that buy the rights to the Pentagon's former frequencies will pay for the transfer.

The National Telecommunications and Information Administration decided that a third slice of the airwaves was too important to the Pentagon to free up for commercial wireless uses.

The wireless industry cheered the compromise.

"It is a clear win for the economy, a win for consumers and a win for national security," said Tom Wheeler, president of the Cellular Telecommunications and Internet Association.

Wireless companies have been pushing to free up a specific range of frequencies that other countries plan to use for advanced wireless features. That would make it possible for someone to buy a phone or other handheld device here and roam internationally with it.

But in the United States, most of the space in that band of frequencies is occupied by the military and used for such systems as satellite controls, aircrew combat training and precision weapons guidance. The Pentagon had resisted making the change, saying to do so would harm national security and take until 2017.

Steven Price, the Pentagon's top official on the issue, said in a statement Tuesday the military is satisfied with the compromise.

The plan gives the military enough time, and enough space elsewhere in the spectrum, to shift its key functions without hurting its fighting capabilities, Price said.



On the Net:

National Telecommunications and Information Administration: http://www.ntia.doc.gov/

Cellular Telecommunications and Internet Association: http://www.wow-com.com/

Defense Department: http://www.defenselink.mil/
************************
Nando Times
Internet medicine trips up doctor

By STEVE WIEGAND, Sacramento Bee


SACRAMENTO, Calif. (July 23, 2002 4:17 p.m. EDT) - In the first case of its kind in California, a doctor faces the loss of his medical license for allegedly prescribing drugs illegally through the Internet.


Jon Steven Opsahl is accused of writing more than 8,000 prescriptions for antidepressants and painkillers to patients he never examined.

The Medical Board of California alleges Opsahl prescribed the drugs, during the course of a year, after talking on the telephone to patients from around the country who were referred to him by operators of a Texas-based Web site. According to the complaint, he received $60 for each consultation sent his way by the Web site, called Office In A Snap.

The Medical Board contends Opsahl violated an 18-month-old state law that bans physicians from dispensing potentially dangerous drugs via the Internet without first conducting a "good faith examination." The board has interpreted that phrase, in almost all situations, to mean an exam done in person.

Law enforcement and health officials say Opsahl's case, which goes before an administrative law judge Thursday in San Diego, is just the beginning of what they expect will be a steady stream of confrontations between traditional medical protocol and cyber-pharmacies.

"It's going to be a lot more common in the future," said Sanford Feldman, the deputy attorney general representing the Medical Board.

Opsahl maintains that while patients were referred to him through the Web site, the telephone consultations provided him with enough information to responsibly prescribe the drugs, and in fact represent a more efficient way of practicing medicine.

"I'm getting punished just because I didn't follow in goose-step marching order an outdated medical model that insists on a physical exam that isn't always necessary," he said.

There is no federal law regulating Web site pharmacies, leaving it to individual states to determine what is legal or not in dispensing drugs using the Internet.

Some sites, most of them approved by the National Association of Boards of Pharmacy, require written authorization from a customer's physician before filling prescriptions online.

But for a fee that can range from $40 to $120, many other sites offer to fill a prescription, often through another Web site, following an online or telephone consultation with a physician.

Others, especially sites based in other countries, require only that customers check a box affirming they are at least 18 years old and don't plan to abuse the drugs.

Internet pharmacies, known as "pill mills," send out thousands of unsolicited e-mails promising few-questions-asked delivery of drugs. Those who respond are directed to Web sites where they fill out questionnaires, use credit cards to pay often-exorbitant prices, then wait for the pills to be mailed.

To combat the pill mill problem, the California Legislature approved a bill that went into effect last year. The law specifically bans filling prescriptions via the Internet unless there was first a "good faith examination" by a qualified physician. It sets a fine of $25,000 for each prescription illegally approved by a California physician or filled by a California-based Web site.

Two months ago, the pharmacy board used the law for the first time, to fine a Los Angeles drugstore and two pharmacists for filling Internet prescriptions without a medical examination. But the doctors involved were from out of state and were not cited. The case is being appealed.

In addition to the legal problems they pose, non-accredited sites often charge prices far above those charged at approved sites. One offshore pharmacy, for example, recently was charging $129 for 50 tablets of Valium.

There is also the question of what you're getting.

"Drugs from those kinds of sites could be adulterated, they could be expired, they could be anything," said Patricia Harris, executive officer of the California Board of Pharmacy. "There's no guarantee they are anything close to what they purport to be."

While the Food and Drug Administration sets standards for drug purity, neither it nor any other federal agency does much to patrol Internet pharmacies. California health and law enforcement officials say it's a decidedly uphill battle to deal with sites that can be based anywhere in the world.

In the Opsahl case, for example, the Web site that connected patients with doctors for phone consultations was based in San Antonio. The site since has closed, and a San Antonio phone number for the company has been disconnected.

Absent an overriding federal law, state officials rely on each other to chase down rogue Internet physicians and pharmacies.

The Federation of State Medical Boards has run a clearinghouse for medical boards and law enforcement for the last two years, where state officials can trade information.

Although Opsahl is the first California physician to face disciplinary action for prescribing via the Web, Medical Board spokeswoman Candis Cohen said formal charges have been filed against two other doctors in California and 25 other investigations are under way.

Opsahl acknowledged that he did prescribe the antibiotic Cipro over an Internet site without a telephone consultation after the anthrax-in-the-mail scare of last October, but he said he stopped after being ordered to by the Medical Board.

Administrative Law Judge Stephen Hjelt, in an April order that suspended Opsahl's license until his case is heard, took a different view.

"Respondent's belief that talking over the phone with patients satisfied the requirement of a good faith examination is profoundly disturbing and demonstrates a combination of incredible arrogance and a woeful lack of judgment," Hjelt wrote.

If Opsahl is found guilty, the Medical Board can take a wide range of actions, from placing him on probation to stripping him of his license.

Whatever happens, Deputy Attorney General Feldman said, "this won't be the last case of its kind in California."
*************************
Information Week
Experts Seek Liability Protections To Improve Cybersecurity
By Ted Bridis, The Associated Press


Congress is being asked to provide protections from liability lawsuits, antitrust restrictions, and public disclosure laws.

WASHINGTON--Experts in computer security, emboldened since Sept. 11 by renewed attention to threats of cyberterrorism, are asking Congress for protections from liability lawsuits, antitrust restrictions, and public disclosure laws as companies begin sharing more sensitive information about Internet attacks.

In stark testimony prepared for a hearing today by the Government Reform subcommittee on government efficiency, some of these experts described the risks that foreign hackers one day soon may attack the computerized systems controlling the nation's electrical or water networks.


"Today, some say it would be easier for a terrorist to attack a dam by hacking into its command-and-control computer network than it would be to obtain and deliver the tons of explosives needed to blow it up," said Stanley 'Stash' Jarocki, who heads a threat-warning network established by some of the country's largest financial institutions. "Even more frightening, such destruction can be launched remotely, either from the safety of the terrorist's living room, or their hideout cave."

Another expert, Joseph Weiss of KEMA Consulting, complained that not enough has been done in the months after the Sept. 11 terror attacks to buttress cybersecurity, while the government's primary focus has been to improve physical security around buildings, airports, and other facilities.

These experts said that even as new vulnerabilities are discovered in modern technology, companies increasingly are connecting vital systems via the Internet because of cost-savings and efficiency.

"Companies have the capacity to manage their infrastructure with never-before-seen ease," said Marc Maiffret, the co-founder of eEye Digital Security Inc., which sells security software. "Fifteen field offices can be managed from one central location."

Maiffret said this newfound convenience presents unprecedented risks. "The attack would be able to take advantage of the functionality ... to seize control of a power plant, a water-treatment plant, a dam, or even an amusement park," he said. Maiffret recommended all employees within companies that operate important systems undergo background checks, in some cases as rigorous as ones needed for government clearances.

But Maiffret added that this threat largely remains a distant one. "Terrorists are only recently starting to realize the benefits of having people within their organizations that have real hacking skills."

Douglas Thomas, an associate professor of communications at the University of Southern California, agreed that while the U.S. government needs to pay attention to these threats, media reports often exaggerate the risks. "Cyberterrorism is a lot more difficult than many people assume."

Jarocki, the security expert for banks, urged the panel to approve new legislative protections for companies willing to share information among themselves and with government. He said new rules are needed, similar to Y2K liability protections, when customers were prohibited from suing a company if it could demonstrate that it made good-faith efforts to keep its computers running safely.

"The sharing of information may lead to liability lawsuits against the company or its officers and directors," Jarocki said. "The chilling effect of potential liability lawsuits on voluntary speech cannot be underestimated."

He also asked for exemptions under antitrust laws to protect companies sharing information about Internet attacks among competitors, and for exemptions under the U.S. Freedom of Information Act to protect any disclosures companies might make to government agencies about attacks.

Another expert, Alan Paller of the SANS Institute, recommended that Congress require all federal agencies to measure the security of their computers against minimum requirements. He also said that experts hired to identify weaknesses in computer networks should make the necessary changes to fix any such problems.
**************************
Info World
Study: database developers see Internet as critical
By David Legard


THE INTERNET REMAINS critical for companies accessing and collecting commercial information and dominates the plans of businesses seeking new and improved methods for tapping their mission-critical data, according to a survey of database developers carried out recently by market research company Evans Data.

While the commercial Internet industry flounders, and even as IT budgets contract, database specialists see as increasingly important strategies for managing Web-based data -- including real-time updating, data collection and dynamic page creation, according to the results of the survey of over 700 North American database specialists.

According to Evans Data's Summer 2002 Database Developers survey, 72 percent of database developers rate dynamic page creation as critical, and 72 percent also regard automatic site updating as important.

The mobile area is also garnering attention, with 47 percent of survey respondents indicating that they are developing database applications that support wireless or handheld devices, or plan to do so within 12 months. This figure indicates a much stronger focus on mobile Internet-based applications than was seen in last year's survey, with PDAs (personal digital assistants) being the favored platform to develop applications for, Evans Data said.

But direct security breaches against databases have increased over the past year, with 20 percent of respondents reporting a breach, up from 12 percent in the last survey conducted six months ago. The most common form of attack was from external viruses, according to the survey respondents.

Many of the respondents said they had beefed up their security systems, employing a variety of methods to protect data. The most popular security technology was network authentication/firewall, used in 83 percent of the surveyed sites, followed by operating system-based security features (74 percent), regular changes of passwords (63.2 percent), built-in database security features (37.3 percent) and directory service (27.4 percent).
************************
Info World
OASIS forms WS-Security committee


MICROSOFT AND IBM moved one step closer to turning their security specification into a standard on Tuesday.

Clearing a significant hurdle for the WS-Security standard to gain recognition as a trusted means for applying security to Web services, standards body OASIS (Organization for the Advancement of Structured Information Standards) formed a technical committee to give vendors a crack at the immature specification.

First published in April as part of a working partnership between Microsoft, IBM, and VeriSign, the WS-Security specification defines a standard set of SOAP extensions, or message headers, which can be used to set and unify multiple security models, mechanisms, and technology -- such as encryption and digital signatures for instance -- onto Web services applications which traverse the Internet.

Aside from an initial WS-Security road map, the trio also proposed specifications yet to come that address a variety of other security, policy, messaging, and trust issues associated with Web services security. They include WS-Policy, WS-Trust, WS-Privacy, WS-Secure Conversation, WS-Federation, and WS-Authorization.

The first meeting of the technical committee is slated to be held the first week of September and hosted by Sun Microsystems, said officials of the Billerica, Mass.-based OASIS standards consortium in a statement on Tuesday.

"We are encouraged to see Microsoft and IBM contributing their specification under royalty-free terms to OASIS," said Bill Smith, director of Liberty Alliance Technology at Palo Alto, Calif.-based Sun Microsystems in a statement. "It will now be possible for the community to evaluate and build upon this technology out in the open."

Largely due to its reluctance to join the IT and vertical vendor-led Liberty Alliance Consortium and its mission to create a standard for federating identities online up until last week, Microsoft has been criticized by many in the past for a perceived heavy proprietary leaning toward Web services security. The Redmond, Wash.-based software behemoth, however, is slowly warming up to open-source efforts at the behest of some very large financial and corporate customers unwilling to be squeezed out of any standards that emerge, said John Pescatore, vice president and research director of network security at Stamford, Conn.-based Gartner.

"In the financial world, big banks and credit card vendors have been very aggressive; they don't want proprietary control. In a lot of large enterprises, United and people of that ilk have been part of the Liberty committee. That's been the mechanism -- where they've been big buyers of Microsoft technology and are telling Microsoft 'we want these two [standards] to work together,'" Pescatore said. "But I think we need to see that pressure ratchet up here."

From the non-Microsoft side, Pescatore said it is not surprising that vendors such as Sun and other Liberty members pursued OASIS WS-Security technical committee membership due to vested interests and plugging particular holes the Liberty Alliance specification 1.0 is not designed to answer.

"WS-Security is technologically neutral and really needed. Sun and Liberty have to make sure that WS-Security stays open and they're onboard. I think this is why you see them trying to leap on here ... it's a reactive mode," he added.

Pescatore contends that the true vendor "battle" over specifications will arrive after the other WS-Security road map, or "undefined layers," begin to be revealed. He said the overly complex remaining layers could lead IBM and Microsoft to lean too much toward .Net and Kerberos.

The WS-Security specification will be engaged and advanced by BEA Systems, Sun Microsystems, IBM, Fujitsu, Intel, SAP, Commerce One, webMethods, TIBCO, IONA, Novell, Oblix, VeriSign, Blockade Systems, OpenNetwork, XML Global, Perficient, Documentum, SeeBeyond, Sonic Software, as well as other OASIS members.
*************************
News Factor
What is Grid Computing, any way?


One good way to gauge a new technology's degree of acceptance is to observe whether it has moved out of the laboratory and onto store shelves -- from science to commerce. According to that measure, grid computing is just coming of age. Often called the next big thing in global Internet technology, grid computing employs clusters of locally or remotely networked machines to work on specific computational projects. [Full Story, see http://www.newsfactor.com/perl/story/18722.html]
************************
BBC
How random is pi?


Mathematicians have achieved a major step towards answering the question of whether numbers like pi and other mathematical constants are truly random and for the first time linked number theory with chaos theory.

It is not just a mathematical curiosity they say. Proving that pi never repeats itself would be a major advance in our theory of numbers.


It may also allow the construction of unbreakable codes based on long sequences of random numbers.

The value of pi is known to 500 billion places. No cyclic patterns have been found and if mathematicians are correct none will ever be found no matter how many digits are calculated.

Hypothesis A

Pi, the ratio of a circle's circumference to its diameter, has been known for thousands of years to be mystifying. Some ancient Greeks built a religion around it.

Pi is a ubiquitous number whose first few digits are the well-known 3.14159. Pi will go on forever...

All numbers of the same number of digits inside pi occur with the same frequency: 234 appears as often as 876, and 23,568 as often as 98,427. Mathematicians call such a number that behaves this way "normal".

Other normal numbers are the square root of 2 and the natural logarithm of 2.

According to David Bailey, of the Lawrence Berkeley National Laboratory in the US, the normality of certain maths constants is a result of some reasonable conjectures in the field of chaotic dynamics.

Chaotic dynamics states that sequences of numbers of a particular kind dance between two other numbers - a conjecture called "Hypothesis A".

Still with me?

The fact is that not a single instance of a number like pi has ever been proved normal. Mathematicians, it seems, are pretty fed up that they cannot do this.

This is where Hypothesis A comes in and a strange discovery made six years ago.

That discovery was made by David Bailey and Canadian mathematicians Peter Borwein and Simon Plouffe. They wrote a computer program that calculates an arbitrary digit of pi without calculating any of the preceding digits - something that was thought impossible.

The connection between BBP and Hypothesis A is that the BBP program produces just the kind of behaviour that the hypothesis predicts.

Bailey says: "At the very least we have shown that the digits of pi appear to be random: because they are described by chaos theory."

Practical spin-offs of this seemingly arcane research include random number generators and cryptography.
**********************
Euromedia.net
Mapping out the future of Russian internet


The Russian Communications Ministry has ordered the Department of Information to hold a tender on forecasting the development of the Russian internet segment throughout 2010.

A report based on this research will be heard at a meeting of the board of the Scientific and Technical Council of the Russian Communications Ministry in March 2003.

The council stresses the necessity of rendering state support for socially important services like distance learning, employment, public and personal security on the internet.
************************
Sydney Morning Herald
Govt 'trying to prevent scrutiny of Net censorship laws'


The Federal Government is moving to prevent scrutiny of its Internet censorship laws which have been a dismal failure, according to the Australian Democrats.

In a media release, Australian Democrats IT spokesperson, Senator Brian Greig, said these changes would enable any government department to block legitimate public access to records simply by saying the records contained offensive material.

"Currently, the Broadcast Services Act allows the Australian Broadcasting Authority (ABA) to order websites to be banned under a very broad definition, but so far, its excesses have been monitored and curtailed by online civil liberties organisations such as Electronic Frontiers Australia," Senator Greig said.

"To date, this has been done through the legitimate use of the FOI Act. However, the Government's proposed changes to the FOI laws mean the ABA will be able to hide behind the Act in all its decisions and be protected from genuine public scrutiny".

"This knee jerk reaction from the Government is a direct response to probing questions from the Australian Democrats and the Electronic Frontiers Australia into the workings of the ABA," Senator Greig said.

"Back in 1999 changes to the Broadcasting Services Act forcing the ABA to apply unworkable censorship laws to the Internet were criticised by the Australian Democrats.

"The application of those unworkable laws was so embarrassing to the Government, it now sees the need to introduce these changes to the FOI legislation."
***********************
Sydney Morning Herald
British government backs Open Source


The British government has decided to consider Open Source solutions alongside proprietary ones in its IT procurement and award contracts on a value for money basis.

The policy, published by the Office of Government Commerce (OGC) and made available by the Office of the e-Envoy, was announced on Monday, nine days before the deadline set by Microsoft for businesses to switch to its new licensing scheme.

The policy document said that for interoperability, the government would use only products that support open standards and specifications.

Further, it would consider obtaining full rights to software code or customisations of proprietary software it procured and explore the possibilities of using only Open Source software for government-funded R&D software.

The policy was justified by citing the need for value for money, flexibility in development, ownership and security of government systems. In the last named, a reference was made to a Gartner report on the Nimda worm which infects Microsoft's Internet Information Server software.

The document said the OGC would update procurement guidelines to reflect this policy.
**********************


Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx