Clips July 24, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;
- Subject: Clips July 24, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Wed, 24 Jul 2002 11:42:39 -0400
- Cc: jffgrv@xxxxxxxxxxx
ARTICLES
Democrats Say G.O.P. Add-ons Threaten Bill for Security Dept.
Report urges states to organize against cyberterror
Experts Speak on Cyberterrorism
Cybercorps to extend to states
Global NMCI nerve center picked
Judge orders alleged cybersquatter to shut down anti-abortion Web sites
After Complaint, U. of Southern Maine Debates Reviewing All
Distance-Education Materials
MSN TV prank creating "emergencies"
Roster changes Federal Government
Treasury shrinks IT staff
New site offers free online courses for federal workers
Executives Advised to Take Role in Internet Security
ICANN Forefather Wants More Democratic Internet Governance
Bush Admin. Unveils Wireless Plan
Internet medicine trips up doctor
Experts Seek Liability Protections To Improve Cybersecurity
OASIS forms WS-Security committee
What is Grid Computing, any way?
How random is pi?
Mapping out the future of Russian internet
Govt 'trying to prevent scrutiny of Net censorship laws' - Australia
British government backs Open Source
****************************
New York Times
Democrats Say G.O.P. Add-ons Threaten Bill for Security Dept.
By DAVID FIRESTONE
WASHINGTON, July 23 -- A substantial number of Democrats say they are
considering voting against the proposed Department of Homeland Security
when it reaches the House floor on Thursday, complaining that Republicans
had larded the bill with pet ideological projects.
Several Democratic lawmakers, including Representatives Charles B. Rangel
of New York, Sherrod Brown of Ohio and James L. Oberstar of Minnesota, say
they are voicing the feelings of many colleagues who want to support the
department but may vote against it even if that means facing campaign
advertisements attacking them as unpatriotic.
The provisions in the bill that bother many Democrats include cutting civil
service protections for department employees and limitations on lawsuits
against companies working on security technology. Republicans also inserted
a last-minute provision that would delay by a year the start of screening
airport baggage for explosives.
"They're loading up this homeland security bill with their entire corporate
agenda -- tort reform, anti-union stuff that has nothing to do with our
nation's security," Mr. Brown said. "For a lot of us, it's worth it to vote
against the bill."
Hoping to salvage the spirit of bipartisanship that once surrounded his
proposal, President Bush invited about 15 moderate Democrats to the White
House today to make his case for the new department and see if there might
be grounds for compromise. Participants said the president clearly did not
want to see a party-line vote on homeland security later this week, but did
not back off his forceful case for "management flexibility" that would ease
civil service rules for department employees.
The Democrats' threats may be little more than a warning to Republicans not
to shut them out of floor debate this week. Several members said the number
of amendments that Republicans allow Democrats to propose will determine
whether a majority of Democrats vote for the department. If the Republicans
strictly limit the ability of Democrats to remove the provisions they
dislike, the Homeland Security Department could suddenly become a partisan
issue, just a few weeks after members of both parties praised President
Bush for proposing it.
Even if Democrats get to vote on restricting civil service protections and
extending the deadline for baggage screening but fail to change the bill,
several say they will still vote against creation of the department.
"In the end," Representative Chet Edwards, Democrat of Texas, said, "I
still think most Democrats will vote for it, but it's a shame that all
these partisan issues have been injected that will force some members to
vote against it. These civil service protections are crucial to so many
people. You don't want an administration coming in and laying off Homeland
Security employees because they disagree with their political leanings."
Republican leaders have already made it clear that they will pounce on any
member who votes against creating the department. On Friday, after all four
Democrats on a special House panel voted against the department for many of
the same reasons, Representative Tom DeLay of Texas, the Republican whip,
quickly accused them of cowering to Democratic special interests, like unions.
Concerned that Republicans will make a vote against the bill an issue in
November races, some Democratic leaders are working behind the scenes on
compromises. Representative Jane Harman, a California Democrat who
supported a new department long before Mr. Bush did, said it would be "very
harmful" to the department and to the nation if her party rejected the
antiterrorism agency.
Ms. Harman and Representative Ellen O. Tauscher, another California
Democrat who attended today's meeting, proposed a compromise on the baggage
screening deadline, suggesting that if the dates for some security
measures, like armor-plating cockpit doors, were advanced, it might be
possible to move back the date for explosives screening.
The House Rules Committee is scheduled to decide by late Wednesday which
amendments will be allowed. Republican leaders said today that they would
work with Representative Richard A. Gephardt, the Democratic leader, to
allow some Democratic amendments to be proposed, and Representative Dick
Armey of Texas, the majority leader, said the debate might even extend into
Friday.
***************************
Computerworld
Report urges states to organize against cyberterror
The National Association of State Chief Information Officers (NASCIO) today
issued a report urging government leaders in all 50 states to set aside
political differences and make cybersecurity and critical-infrastructure
protection a top priority.
The report, "Public-Sector Information Security: A Call to Action for
Public-Sector CIOs" (http://endowment.pwcglobal.com/pdfs/HeimanReport.pdf),
was funded by the Arlington, Va.-based PricewaterhouseCoopers
Endowment for the Business of Government and builds upon lessons learned
during a conference on emerging cyberthreats attended by state officials in
November.
"Government leaders must set aside the federated cultures that foster
agency autonomy and 'my turf' thinking," wrote Don Heiman, the author of
the report and the former CIO of the state of Kansas. "More than anything
else, this report is a call to action, written with a sense of urgency and
dedicated to the victims and families of the September 11th attacks on
America."
The report specifically outlines 10 recommendations for state government
officials that the NASCIO and experts from PricewaterhouseCoopers said lay
the foundation for state governments to begin organizing and planning for a
future nationwide information-sharing network for first-responders and
cybersecurity officials.
However, one of the key recommendations calls for the states and the
federal government to fund the establishment of an interstate
information-sharing and analysis center (ISAC) similar to the series of
private-sector ISACs established by the federal government to detect and
warn of significant cyberthreats. According to the report, "It is very
common for small- and medium-sized states to see 4,500 intrusion attempts
per week." But many state governments lack both the money to establish
their own ISACs and the personnel with the IT security expertise to
properly defend against such cyberattacks.
Interstate ISACs "could provide these skills and aggregate state incident
data to support national strategic cybersecurity planning," the report states.
That's one of the highlights of the report's conclusions, said Richard
Webb, managing director of PricewaterhouseCoopers' digital tech practice
and the former CIO of the state of North Carolina. However, before a
national information-sharing and analysis architecture can be put in place
-- something that officials from the President's Critical Infrastructure
Protection Board have called upon the states to assist with -- the states
have to agree on a common road map, said Webb.
"The 50 states are all organized in different ways," said Webb. "This puts
a framework in place so that we can open up information-sharing across
public boundaries. Everybody's a player in this. But this is a first step
to put together a framework for state and local governments to organize."
The report also urges state legislators to pass laws that would protect
sensitive state government information that is shared across state
boundaries with other state governments, the federal government and the
private sector from inadvertent disclosure.
"Sharing will not occur unless there is an assurance of confidentiality
against state open records/sunshine laws and the federal Freedom of
Information Act," the report concludes. "Interstate sharing has been
limited because states fear that their security activities could become a
part of another state's open records when information is shared across
state boundary lines or with local or federal units of government."
A similar proposal to amend the Freedom of Information Act has been tied up
in Congress for more than a year.
**********************
Associated Press
Experts Speak on Cyberterrorism
Wed Jul 24, 6:04 AM ET
By TED BRIDIS, Associated Press Writer
WASHINGTON (AP) - Experts in computer security, emboldened since Sept. 11
by renewed attention to threats of cyber-terrorism, are asking Congress for
protections from liability lawsuits, antitrust restrictions and public
disclosure laws as companies begin sharing more sensitive information about
Internet attacks.
In stark testimony prepared for a hearing today by the Government Reform
subcommittee on government efficiency, some of these experts described the
risks that foreign hackers one day soon may attack the computerized systems
controlling the nation's electrical or water networks.
"Today, some say it would be easier for a terrorist to attack a dam by
hacking into its command-and-control computer network than it would be to
obtain and deliver the tons of explosives needed to blow it up," said
Stanley "Stash" Jarocki, who heads a threat-warning network established by
some of the country's largest financial institutions. "Even more
frightening, such destruction can be launched remotely, either from the
safety of the terrorist's living room, or their hideout cave."
Another expert, Joseph M. Weiss of KEMA Consulting, complained that not
enough has been done in the months after the Sept. 11 terror attacks to
buttress cyber-security, while the government's primary focus has been to
improve physical security around buildings, airports and other facilities.
These experts said that even as new vulnerabilities are discovered in
modern technology, companies increasingly are connecting vital systems via
the Internet because of cost-savings and efficiency.
"Companies have the capacity to manage their infrastructure with
never-before-seen ease," said Marc Maiffret, the co-founder of eEye Digital
Security Inc., which sells security software. "Fifteen field offices can be
managed from one central location."
Maiffret said this newfound convenience presents unprecedented risks. "The
attack would be able to take advantage of the functionality ... to seize
control of a power plant, a water treatment plant, a dam or even an
amusement park," he said. Maiffret recommended all employees within
companies that operate important systems undergo background checks, in some
cases as rigorous as ones needed for government clearances.
But Maiffret added that this threat largely remains a distant one.
"Terrorists are only recently starting to realize the benefits of having
people within their organizations that have real hacking skills."
Douglas Thomas, an associate professor of communication at the University
of Southern California, agreed that while the U.S. government needs to pay
attention to these threats, media reports often exaggerate the risks.
"Cyber-terrorism is a lot more difficult than many people assume."
Jarocki, the security expert for banks, urged the panel to approve new
legislative protections for companies willing to share information among
themselves and with government. He said new rules are needed, similar to
Y2K liability protections, when customers were prohibited from suing a
company if it could demonstrate that it made good-faith efforts to keep its
computers running safely.
"The sharing of information may lead to liability lawsuits against the
company or its officers and directors," Jarocki said. "The chilling effect
of potential liability lawsuits on voluntary speech cannot be underestimated."
He also asked for exemptions under antitrust laws to protect companies that
share information about Internet attacks among competitors, and for
exemptions under the U.S. Freedom of Information Act to protect any
disclosures companies might make to government agencies about attacks.
Another expert, Alan Paller of the SANS Institute, recommended that
Congress require all federal agencies to measure the security of their
computers against minimum requirements. He also said that experts hired to
identify weaknesses in computer networks should make the necessary
changes to fix any such problems.
***********************
Federal Computer Week
Cybercorps to extend to states
The White House's national strategy to protect cyberspace, scheduled for
release in September, will contain a provision that extends a federal
scholarship-for-service program to the state level, said Richard Clarke,
cybersecurity adviser to President Bush.
The Federal Cyber Service program provides scholarships to undergraduate
and graduate students studying computer security in exchange for two years
of federal service. The first group of students is nearly finished with
their first year in the program.
Six universities -- the University of Tulsa, Carnegie Mellon University, the
Naval Postgraduate University, Iowa State University, the University of
Idaho and Purdue University -- have received scholarship money. Currently, 66
students ages 22 to 64 participate in the program.
The cybercorps is important because the government does not have enough
trained experts to protect federal systems, Clarke said, speaking July 22
at the 2002 Cyber Corps Symposium at the University of Tulsa. "We will
fight a future cyberwar," Clarke said. "Right now we are not in good
shape." The nation is dependent on cyberspace, which opens up
vulnerabilities that need to be fixed, he said.
Recognizing that state and local agencies also need trained professionals
to protect their networks, the cybersecurity strategy "calls upon state
governments to create a state cybercorps," Clarke said.
Clarke would not reveal additional details of the cybersecurity strategy.
The Cyber Service program is scheduled to get a boost from the emergency
supplemental funding bill scheduled for a vote in Congress this week. The
bill contains $19 million to expand the Cyber Service program, Clarke said.
"The president thought this was an emergency."
If the provision remains in the bill, the program would be extended to four
additional schools in September.
****************************
Federal Computer Week
Global NMCI nerve center picked
After an extensive search, the Navy and EDS have decided that the Navy
Marine Corps Intranet nerve center will remain at the existing network
operations center in Norfolk, Va.
The global network operations center was originally to be located at the
Marine base at Quantico, Va., but no space was available there, so the Navy
has been searching for a site.
NMCI's four network operations centers provide mission-critical services
for the Navy's new enterprise network, such as network management and
monitoring, help-desk support, user administration and information assurance.
Under the Navy's NMCI contract, the Navy provides the site for the network
operations centers but EDS provides everything else.
EDS has already constructed three network operations centers: the Naval
Station in Norfolk, Va., the Naval Air Station North Island in Coronado,
Calif., and Ford Island in Oahu, Hawaii.
The Navy and EDS are still scouting sites for the fourth center. They are
still considering placing the fourth center at Quantico, if possible, said
NMCI spokeswoman Jennifer McGraw.
Part of the reason for housing the global center in Norfolk is that it will
be near the Navy's new Naval Network Warfare Command, which is responsible
for all the service's information technology networks, information
operations and space requirements, McGraw said.
The global center will be a focal point for computer network defense.
EDS' original plan was to build six network operations centers with
centers at Naval Station Bremerton, near Seattle, and Naval Air Station
Jacksonville in Florida. Those facilities will be transformed into server
farms that, if necessary, could be transformed into network operations
centers, EDS officials have said.
The NOCs provide mission-critical services for the Navy's new EDS-owned
network, such as network management and monitoring, help-desk support, user
administration and information assurance.
Capt. Chris Christopher, deputy program executive officer for information
technology at the Navy Department, noted that NMCI is a contract for a
service. Therefore, the Navy does not dictate to EDS how to provide that
service but has instead established service levels that EDS must meet. EDS
then decides how best to meet those service levels.
**********************
Mercury News
Judge orders alleged cybersquatter to shut down anti-abortion Web sites
MINNEAPOLIS (AP) - A federal judge has ordered a South St. Paul man to shut
down his anti-abortion Web sites with domain names that are confusingly
similar to the trademarked names of some of the nation's best known companies.
U.S. District Judge Ann D. Montgomery issued a temporary restraining order
Tuesday against William S. Purdy Sr. on behalf of McDonald's Corp., PepsiCo
Inc., Coca-Cola Co., The Washington Post Co. and
Washingtonpost.Newsweek Interactive Co.
She ordered Purdy to immediately shut down his Web sites with the confusing
names and transfer their ownership to the appropriate companies.
Montgomery also ordered Purdy not to create any more Web sites with names
similar to trademarked names owned by the companies and that don't alert
Internet users to the nature of the Web site's content within the domain name.
Purdy said Tuesday that he'll appeal the injunction. He said he is buying
addresses like bloodycoca-cola.com or pepsideathmills.com to continue his
anti-abortion protest.
Purdy, who represented himself, argued that the companies don't like what
he has to say and that the issue is one of free speech. He has said that he
opposes the Post's abortion rights editorial position and Coke's
contributions to Planned Parenthood. He said it was impossible to criticize
a company without using its name.
Most of the sites, which divert traffic to anti-abortion Web sites, were
set up July 4. The sites contain disclaimers and graphic images of aborted
fetuses.
*************************
Chronicle of Higher Education
After Complaint, U. of Southern Maine Debates Reviewing All
Distance-Education Materials
By SCOTT CARLSON
Some faculty members at the University of Southern Maine are furious about
a faculty committee's proposal to require that videotapes and other
materials for distance-education courses be reviewed by the university
before the materials are used in class.
The four-member faculty committee was formed after a distance-education
student was offended by a tenured professor's remarks in a videotaped
lecture. John Broida, the professor of psychology in the middle of the
case, is known by his colleagues to be a provocative lecturer. In the
videotaped lecture, made while teaching students about intelligence tests,
he said: "Do you know that on average blacks have a lower IQ than whites?
Yes, have you noticed that? It's true."
After a student complained about Mr. Broida's remarks, the university
administration set up the committee to study diversity issues related to
distance learning and then make recommendations. Among the recommendations
was the assertion that statements on course tapes "reflect the quality and
integrity of the individual making the statements and the institution
issuing the statements."
The report urges the university's distance-education committee to "examine
whether a procedure should be developed for assessing the accuracy and
integrity of such statements prior to their release to the public."
As part of the controversy, one of Mr. Broida's summer courses was
cancelled. He has filed a grievance with the university.
Members of the university's faculty union, which has stood behind Mr.
Broida and has hired a lawyer for him, have been irked by the committee's
recommendations. "The idea of having a committee censor a videotape that's
used in distance-ed is the most contentious piece of this committee," says
Donald F. Anspach, an associate professor of sociology who is co-president
of the faculty union. "We believe that's clearly a violation of academic
freedom, because that's about telling us what we can teach."
Bob Caswell, the university's spokesman, says that administrators will meet
with faculty members in the fall to review the recommendations. He says
that administrators haven't discussed in detail the recommendation to
screen the tapes. "We will maintain a commitment to academic freedom," he
says.
*************************
News.com
MSN TV prank creating "emergencies"
By Robert Lemos
Staff Writer, CNET News.com
July 23, 2002, 2:15 PM PT
MSN TV users are inadvertently calling emergency services after falling
prey to a prank program that changes the daily dialup number on their
set-top boxes to 911.
The program arrives in an e-mail message with the subject line "NEAT" and
has been plaguing users since at least April, according to posts on
newsgroups regarding WebTV, the former moniker for Microsoft's interactive
TV service.
"When my mother tried to log on to WebTV, it started to dial 911," said one
woman in a newsgroup post. "She shut it off but we got a call from the
police department anyway checking to see if anything was wrong."
"One lady in her group ended up with the sheriff knocking at her door," the
woman wrote.
The prank is not the first time that a malicious program has been used to
call 911. In April 2000, the National Infrastructure Protection Center
warned that a computer virus was causing infected PCs to dial emergency
services.
Many users have called the MSN TV program a virus, and it's not readily
clear if it can spread on its own. One site claims that it will send itself
out to others using the MSN TV box's e-mail system, but the report is
unconfirmed.
A Microsoft Network spokesperson said the program has not had a wide effect
on the company's customers. "Apparently it was an isolated incident and it
affected only a handful of customers," the representative said.
The representative said a patch will be issued later today in response to
the 911 attachment. "This should take care of the issue, so other MSN TV
customers won't have to worry about it," the representative said.
Many details of the program are still unclear, but according to an MSN
TV-related Web site known as Diane's News Source, the prank code also
changes fonts and other MSN TV settings. The messages carrying the prank
program can come from many sources, including people that you seem to know
and sometimes arrive with subject lines other than "NEAT."
**********************
Federal Computer Week
Roster change Federal Government
Brian Burns has been appointed as the chief information officer for the
Bureau of Indian Affairs. He formerly was the deputy assistant secretary
for information resources management and the deputy information officer at
the Department of Health and Human Services.
"I depend on the chief information officer to keep the BIA's computer
network well-maintained and secure for our employees and service
beneficiaries," said Neal McCaleb, assistant secretary for Indian affairs
at the Interior Department, in announcing Burns' appointment July 19.
While at HHS, Burns oversaw the department's enterprise information
technology investment strategy, architecture and the security of about $3.5
billion annually across 12 agencies, including the Indian Health Service,
the Centers for Disease Control and Prevention, the Centers for Medicare
and Medicaid Services, the Food and Drug Administration, the National
Institutes of Health and the Office of the Secretary. He directed daily IT
operations for the Office of the Secretary and oversaw HHS' Year 2000
conversion.
***
John Magaw is leaving the fledgling Transportation Security Administration,
just six months after taking the helm. Transportation Secretary Norman
Mineta accepted Magaw's resignation July 18 as undersecretary of
transportation for security.
James Loy will take over the position. Upon his retirement as commandant of
the Coast Guard in May, Loy was named deputy undersecretary and chief
operating officer at TSA.
For more, see "TSA chief resigns from agency"
(/fcw/articles/2002/0715/web-magaw-07-19-02.asp).
***
David McClure, the General Accounting Office's director of IT management
issues, will be leaving GAO in August to join the Council for Excellence in
Government as vice president for electronic government.
In his new role, McClure will be the strategic lead for the council's
e-government efforts and will help expand its intergovernmental
partnerships. He also will work on shaping its e-government fellows
program, a leadership development initiative for government IT managers.
For more, see "IT watchdog leaving GAO"
(/fcw/articles/2002/0715/web-gao-07-19-02.asp).
***
Rick Rosenburg, who has been EDS' program executive for the Navy Marine
Corps Intranet since December 1999, has been promoted to lead the
development and implementation of enterprisewide efforts for other
government clients.
He will be succeeded by Bill Richard, a 22-year EDS veteran and formerly
enterprise client executive for EDS' business with Continental Airlines Inc.
For more, see "EDS changes NMCI leadership"
(/fcw/articles/2002/0722/web-eds-07-22-02.asp).
***
Linda Massaro, director of the Office of Information and Resource
Management and chief information officer at the National Science
Foundation, left the agency for a two-year detail to the IRM College at the
National Defense University.
Massaro joined NSF in 1996 after several years at the State and Agriculture
departments. She started her federal service with more than a decade of
experience at the Navy and Marine Corps.
Nathaniel Pitts, previously director of NSF's Office of Integrative
Activities, took over Massaro's duties in an acting capacity July 15.
***
President Bush announced July 17 that he intends to nominate Marion Blakey
to be administrator of the Federal Aviation Administration for a five-year
term.
Blakey has served as chairwoman of the National Transportation Safety Board
since her confirmation by the Senate in September 2001. She has a long
record of government service. From 1992 to 1993, she served as the
administrator of the Transportation Department's National Highway Traffic
Safety Administration. She has also held positions in the departments of
Commerce and Education, the National Endowment for the Humanities and the
White House.
***
Richard Arnold has been named director of training solutions at Unitech
Inc., the company announced July 17.
Arnold will help to enhance Unitech's portfolio of training and simulation
offerings, as well as assist government customers with developing training
strategies, implementation plans and performance metrics to meet their
organizational missions and objectives.
Arnold previously served for 20 years with the Coast Guard, most recently
as the training officer of its training center in Petaluma, Calif. There,
he was responsible for directing one of the service's largest vocational
training programs. Among other accomplishments, he restructured training
systems to support the increased demand for law enforcement professionals
to fill homeland security-related jobs. He also led an advanced distributed
learning initiative that converted courses taught at a major Coast Guard
school to computer and Web-based training.
***
Transportation Department Secretary Norman Mineta announced July 19 the
selection of federal security directors for 24 airports who will also
assume responsibility for an additional 40 airports.
* Fred Lau, Metropolitan Oakland International Airport, Calif.: Lau has
served more than 30 years with the San Francisco police department where
his last assignment was as chief of police. He also will assume
responsibilities at the Stockton, Calif., Metropolitan Airport.
* Richard Fought, Durango/LaPlata County Airport, Colo.: Fought served as a
senior instructor for the Arkansas Law Enforcement Training Academy. He
also will assume responsibilities at airports in Alamosa and Cortez, Colo.,
and Farmington, N.M.
* Rene Dhenin, Grand Junction-Walker Field Airport, Colo.: Dhenin last
served as a supervisory special agent with the Transportation Security
Administration's security field office in Denver where he oversaw security
operations for airports in Colorado and Wyoming. He also will assume
responsibilities at the Gunnison County Airport, the Montrose County
Airport and the Telluride Regional Airport, all in Colorado.
* Douglas Perkins, Southwest Florida International Airport, Fort Myers,
Fla.: Perkins has worked for the Federal Aviation Administration for more
than 19 years, most recently as the manager of the Mission and Requirements
Analysis Division. He will also assume responsibilities for the Naples,
Fla., Municipal Airport.
* Frank Capello, Sarasota Bradenton International Airport, Fla.: Capello
served more than 23 years with the FAA, most recently as the federal
security manager at the Miami International Airport. He will also assume
responsibilities at the St. Petersburg-Clearwater International Airport in
Clearwater, Fla.
* Quinten Johnson, Tallahassee Regional Airport, Fla.: Johnson has 28
years of transportation safety and security experience, most recently
serving as the director of the FAA's Office of Security Policy and
Planning. He will also assume responsibilities at airports in Dothan, Ala.,
and Albany and Valdosta, Ga.
* Timothy Brooks, West Palm Beach International Airport, Fla.: Brooks
recently retired from the Marine Corps. His last assignment was as
commanding officer of the Marine Expeditionary Force Headquarters Group in
Camp Pendleton, Calif.
* David Chovancek, Bloomington-Normal Airport, Ill.: Chovancek served more
than 14 years in military intelligence for the Army, including
counterintelligence and counterterrorism operations. He will also assume
responsibilities at the University of Illinois-Willard Airport in Savoy, Ill.
* Terry Burgess, Cincinnati/Northern Kentucky International Airport, Ky.:
Burgess last worked for Continental Airlines, where he served as the
principal security inspector and the primary liaison to the federal
government for aviation security.
* Lanny Miller, Bluegrass Airport, Lexington, Ky.: Miller recently worked
in TSA's Security Liaison Division. He previously worked for the U.S.
Postal Service, and since 1991, he supervised all criminal investigations
conducted by postal inspectors in the Eastern Kentucky Federal Judicial
District.
* Robert Besal, New Orleans International Airport, La.: Besal recently
retired from the Navy and most recently served as commander of the
Operational Test and Evaluation Force.
* Ellis Brumbaugh, Cherry Capital Airport, Traverse City, Mich.: Brumbaugh,
a former colonel in the Army National Guard, is a retired detective with
more than 15 years' experience with the Ingram County, Mich., sheriff's
department. He also will assume responsibilities at airports in Alpena,
Sault Ste. Marie, Manistee and Pellston, Mich.
* William Switzer, Lambert-St. Louis International Airport, Mo.: Switzer, a
former Navy pilot, most recently served as a technical director in the
Systems Engineering Group of the Anteon International Corp.
* Michael Kudlacz, Eppley Airfield, Omaha, Neb.: Kudlacz is a former major
general in the Air Force. His last assignment was in the Defense Threat
Reduction Agency as the director of on-site inspection. He will also assume
responsibilities at the Sioux Gateway Airport in Sioux City, Iowa, and the
Karl Stefan Memorial Airport in Norfolk, Neb.
* Vincent Amoresano, Atlantic City International Airport, N.J.: Amoresano
is the former chief of police for the Paterson, N.J., Police Department,
where he served for more than 27 years. He also will assume
responsibilities at the Salisbury/Wicomico County Regional Airport in
Salisbury, Md., and the Trenton-Mercer Airport in Trenton, N.J.
* Jerome Witt, James M. Cox Dayton International Airport, Ohio: Witt has
more than 29 years of law enforcement experience, including serving as an
international police monitor for the State Department in Yugoslavia.
* William Hice, Rogue Valley International-Medford Airport, Ore.: Hice has
worked in aviation security for 11 years, most recently as the supervisory
special agent for 15 airports throughout Montana and Washington. He also
will assume responsibilities at the Klamath Falls Airport.
* James Golden, Philadelphia International Airport, Pa.: Golden has worked
in law enforcement for more than 30 years and most recently served as
director of the Trenton, N.J., Police Department.
* Joseph Salter, T.F. Green State Airport, Providence, R.I.: Salter has
served in several airport and transportation security and emergency
operations positions. He also will assume responsibilities at airports in
Hyannis, Provincetown, Vineyard Haven and Nantucket, Mass.
* Mike Tarman, Greenville-Spartanburg Airport, S.C.: Tarman, a retired Army
colonel, most recently served as a bureau administrator for the Arizona
Department of Corrections. He will also assume responsibilities at the
Asheville Regional Airport in Fletcher, N.C.
* Charles Brockman, McGhee Tyson Airport, Alcoa, Tenn.: Brockman has worked
for the FAA for more than 16 years, most recently as the manager of the
Nashville Security Field Office responsible for operational support and
oversight of civil aviation security for 17 airports in the region. He also
will assume responsibilities at the Chattanooga Metropolitan Airport and
the Tri-Cities Regional Airport in Blountville, Tenn.
* George Harkness, Burlington International Airport, Vt.: Harkness is a
former Navy commander whose last assignment was at the Naval Sea Systems
Command, Washington, D.C. Most recently, Harkness worked in law enforcement
with the Dublin, Ohio, Police Department. He also will assume
responsibilities at the Lebanon, N.H., Municipal Airport, the Clinton
County Airport in Plattsburgh, N.Y., and the Rutland State Airport, Vt.
* Robert Schnekel, Roanoke Regional Airport, Va.: Schnekel, a former
special agent with the Army, most recently served in the Treasury
Department as a senior adviser for terrorism and violent crime. He will
also assume responsibilities for airports in Bluefield, Lewisburg and
Raleigh, W.Va.
* David Kuper, Spokane International Airport, Wash.: Kuper works for the
FAA as a security program manager. In the past, Kuper worked on the design
of security systems for Denver International Airport. He will also assume
responsibilities for airports in Lewiston, Idaho, and Moses Lake, East
Wenatchee and Pullman, Wash.
***************************
Federal Computer Week
Treasury shrinks IT staff
The Treasury Department is cutting about 40 percent of the information
technology jobs on its staff, about 75 jobs, and realigning the workforce.
The goal is to get rid of redundancies as part of an overall strategy to
outsource more management functions, according to acting chief information
officer Mayi Canales.
In the coming months, the CIO's staff will be cut from about 200 employees
to about 125. The timing depends on human resources and finding new jobs
for those whose positions will be eliminated.
"I'm cutting. I'm streamlining staff and improving performance
and...aligning staff more with a business function," Canales said in an
interview with Federal Computer Week July 15. "I'm getting ready to go more
for managed services, less and less internal management, and more and more
external management."
Canales is working to find jobs for the cut workers in other agencies or
other areas of Treasury. Some people will be assigned to special details
that may lead to job offers, she said.
"We'll keep them in special projects and help them until they get
somebody," Canales said.
In analyzing her staff, Canales said she looked strictly at the functions
of every job and determined that there were redundancies or other ways of
doing the work.
For example, she said four people were handling workforce issues. But
employees can get their own information from various IT sources, such as HR
Connect, the department's online human resources system, or e-learning
programs that help train workers for new jobs.
"Employees can do this for themselves," she said. "I don't have the dollars
to spend on four people."
With a yearly IT budget of about $3.4 billion, Canales wants to invest in
functions that will help build Treasury's technology infrastructure and
not fund those that don't.
Similar scenarios could arise across government as agencies try to stretch
funds and avoid duplication and redundancies.
"The rest of the government is under directive from [the Office of
Management and Budget] to cut back and reduce the number of federal jobs,
open them up to the private sector," said a spokesman for the National
Treasury Employees Union.
Under President Bush's plan, 170,000 federal jobs would be moved to the
proposed Homeland Security Department. IT workers are already moving to the
new Transportation Security Administration, which would be part of the
department.
"While not tempting people to leave any particular agency to join TSA, I am
always open to folks with the right credentials to come and help us achieve
our aggressive mission objectives," said Patrick Schambach, CIO at TSA. "I
already have some folks that came out of Treasury."
Nevertheless, the CIO Council's Workforce and Human Capital for IT
Committee predicts a shortage of IT workers, according to Ira Hobbs,
co-chairman of the committee. "It will lead us to not having enough folks
with an IT perspective," he said.
***************************
Government Computer News
EPA moves forward on PeopleSoft implementations
By Patricia Daukantas
GCN Staff
The Environmental Protection Agency recently passed the one-year
anniversary of its PeopleSoft 7 human resources application, and the agency
is working on upgrading the HR module to the Web Version 8.3.
EPA's target date is July 2003 for rolling out the HR, time and labor, and
payroll modules from PeopleSoft Inc., said Robert Thorlakson, EPA's human
resource functional staff director. He spoke yesterday at a Washington
conference sponsored by the Pleasanton, Calif., company.
Even with 13 remote locations, the entire agency was able to go live with
PeopleSoft 7's human resources module on the same date, last July 1,
Thorlakson said.
EPA used PeopleSoft's own support staff instead of a third-party integrator
to install the client-server PeopleSoft 7 module, he said. His staff sent a
snapshot of the agency's production system to the PeopleSoft laboratory in
April to help with the customization of Version 8.3.
Just having the personnel data online should increase data integrity,
Thorlakson said. EPA's 18,000 employees will be able to check their own
accounts and make a limited number of alterations, such as routine address
changes and records of on-the-job training.
"People just don't update their education" in their paper personnel files,
he added.
Going live last year with PeopleSoft 7 decreased personnel transaction
processing time by 50 percent. Thorlakson said he expects that the change
to the browser-based Version 8.3 will increase productivity even further.
***************************
Government Executive
Pentagon gives up part of airwaves for wireless industry
By Teri Rucker, National Journal's Technology Daily
Federal agencies charged with overseeing the nation's airwaves have found a
way to move government spectrum users to make 90 megahertz available to the
wireless industry by 2008, government officials said Tuesday during a press
conference. As part of the plan, the Bush administration on Tuesday
submitted to Congress legislative language that would create a trust fund
to reimburse government users that must move.
The National Telecommunications and Information Administration (NTIA) and
the FCC completed a viability assessment that found 45 MHz of spectrum each
in the 1710 to 1770 MHz bands and the 2110 to 2170 MHz bands without
disrupting communications systems critical to national security.
The industry has been lobbying Congress and the administration to make
spectrum in those bands available but found formidable opposition within
the Defense Department. The Pentagon insisted that comparable spectrum be
found for reallocation, that the costs to move be covered and that security
operations not be interrupted.
Steven Price, deputy assistant Defense secretary, praised the proposal,
noting that "military capabilities will not be degraded because [Defense]
is gaining access to comparable spectrum where needed, receiving cost
reimbursement and being afforded time to adjust to our operations."
The Commerce Department, which oversees NTIA, sent draft legislation that
would create a trust fund for reimbursing incumbent government users for
the cost of moving to different spectrum.
NTIA Director Nancy Victory said she is optimistic that Congress will pass
the legislation before it adjourns for the year, noting that there is
bipartisan support for the proposal, although sponsors have not yet been
found.
Senate Commerce Committee Chairman Ernest (Fritz) Hollings, D-S.C., and
Sen. Daniel Inouye, D-Hawaii, issued a joint statement lauding the
resolution to the spectrum question. The lawmakers said they soon would
introduce legislation that addresses "a number of spectrum-management
issues, including the reimbursement of government users when they are
required to relocate." A spokesman for Hollings noted that Hollings would
craft his own bill.
While Rep. Edward Markey, D-Mass., supports allocating additional spectrum
for the industry, "it is a tall order to expect Congress to legislate on
this before adjournment," said Colin Crowell, an adviser to Markey.
"There is a general consensus that more spectrum is better than less
spectrum, but the details need airing," Crowell said, noting that Markey
would push for inclusion of his legislation that would create grants out of
spectrum-auction proceeds to fund educational and other programs, and to
digitize library and museum content.
"This is a package deal," Price said. All agencies must meet their
obligations, from assessing the cost to vacate spectrum to the FCC
promulgating rules for spectrum allocation and auctioning it, to Congress
approving the trust fund. "If they don't do it," he said, "we don't move."
Officials expect the FCC to be able to auction the spectrum by 2004 or
2005 (it must be cleared by 2008), but it could happen earlier, depending on
how quickly the process moves, they said.
*****************************
Government Executive
New site offers free online courses for federal workers
By Brian Friel
bfriel@xxxxxxxxxxx
Federal workers can take free online courses on about 30 subjects ranging
from project management to coping with stress through a
government-sponsored Web site that debuted Tuesday.
At a press briefing in Washington, officials from the Office of Personnel
Management and Office of Management and Budget unveiled the Gov Online
Learning Center at www.golearn.gov. Federal employees can take the courses,
which take from two hours to eight hours to complete, at no charge to
themselves or their agencies.
The launch of the Web site is the first step in the Bush administration's
plan to make the Gov Online Learning Center a "one-stop" shop for
e-training in the federal government. The learning center is one of the 24
major initiatives that the Bush administration is sponsoring as part of its
e-government strategy.
Mark Forman, associate director for information technology and e-government
at OMB, said the site would eliminate redundant online learning systems in
various agencies, lowering the cost of courses through economies of scale.
But Forman and officials from OPM either did not want to divulge, or did
not know, the cost of the learning center so far.
OPM and the Transportation Administrative Services Center run the site. The
administrative center, which is a fee-for-service operation at the
Transportation Department, awarded a contract for a learning management
system last month to GeoLearning, a West Des Moines, Iowa-based firm. The
learning management system serves as the backbone of the site, handling
student registration, course management and tracking.
Three companies will provide the courses. They are Nashua, N.H.-based
SkillSoft, Naperville, Ill.-based NetG and San Antonio-based Karta
Technologies.
While the site will offer a limited number of free courses, OPM and the
Transportation center will start charging agencies for additional courses
and services later this year.
Many other agencies have already set up online universities and e-learning
sites. The National Security Agency and the Treasury Department's Franchise
Business Activity, for example, run an e-learning site called FasTrac that
56 agencies use to access courses from the same three companies that the
OPM and Transportation site uses.
Forman said that several agencies have already begun to develop migration
plans for moving from their own online learning programs to the Gov Online
Learning Center site. Other agencies have resisted the effort, he said.
Asked about the NSA site during Tuesday's briefing, Forman said, "It's a
core competency issue, isn't it?"
The Bush administration is not requiring that agencies drop their existing
training programs, however, and officials say that the Gov Online Learning
Center will complement many of the programs already in existence, while
eliminating some redundant efforts.
Free courses available on the new site include "Emotional Intelligence at
Work," "Foundations of Grammar," "Management Skills for the Diverse
Workforce," "Leading through Change," and "MS Word 2000 Fundamentals."
****************************
Washington Post
Executives Advised to Take Role in Internet Security
By Ellen McCarthy
Internet security issues need to be addressed in boardrooms and executive
suites, not just data centers and network storage closets. That's the
message one industry organization is trying to convey by targeting the
upper echelon of management with a guide on how to ward off potential threats.
The guide, to be released today by the Internet Security Alliance,
recommends that executives adopt 10 key practices in order to protect their
organizations' vulnerable networks and content.
The Arlington-based alliance is the joint effort of Carnegie Mellon
University's Software Engineering Institute, the institute's CERT
Coordination Center and the Electronics Industries Alliance.
"We've been dealing over the years with a lot of security incidents, and
typically we get the reports from the technical people, not the executives.
Often they feel they are not getting the support that they need from the
management," said Richard D. Pethia, director of CERT, formerly known as
the Computer Emergency Response Team.
"There has been an attitude across government and management that this is a
technical issue and technicians should be able to deal with it."
The guide, which will be available on the alliance's Web site
(www.isalliance.org), suggests that senior managers identify the security
risks within their organizations, create specific policies to address the
problems, provide necessary funding to implement and maintain security
measures, and make users accountable for their actions. Other
recommendations include the use of system-monitoring tools, development of
emergency recovery plans and the regulation of access to key physical assets.
The guidelines are based on a study of current security practices used by
the alliance's members and CERT research on management policy issues. The
founders say they hope the guide will serve as an outline of crucial steps
for all organizations, regardless of size or industry, Pethia said.
Last week, the Center for Internet Security released a set of security
standards and software that draws from the expertise of several government
agencies, including the Pentagon and the National Security Agency.
Pethia said that as executives realize how much financial risk is
associated with potential security breaches, they have become more
interested in ways to prevent them.
"The awareness is really growing and has grown. Senior management is now
paying attention, but we need to help them move beyond awareness and into
understanding," Pethia said.
"The pain level [from network attacks] is going up. We haven't had the big
Pearl Harbor, but we have incidents every day. Right now we're suffering
death by a million paper cuts."
************************
Washington Post
ICANN Forefather Wants More Democratic Internet Governance
By David McGuire
Public participation may be messy, but the organization that manages the
Internet's addressing system must give ordinary Internet users more say in
its decisions, one of the men responsible for creating the domain-name
management body said today.
"Expediency doesn't justify a lack of democratization," said Ira Magaziner,
former senior adviser to President Clinton for policy development.
Magaziner, who set in motion the creation -- and U.S. Government
recognition -- of the Internet Corporation for Assigned Names and Numbers
(ICANN), made a rare public appearance today at a Cato Institute forum on
Internet governance. Magaziner currently works for private consulting firm
SJS Advisors.
ICANN manages the Domain Name System (DNS) under a series of agreements
with the U.S. government. Those agreements are up for renewal in September.
When ICANN was established, Magaziner and others involved with the process
expected that the body would quickly adopt policies to establish public
participation, Magaziner said.
"I remain disappointed that that has not happened in the ways I would have
hoped," Magaziner said, adding that if he were still in a position of power
over ICANN, he would lean on the body to increase democratic participation.
"I do think [ICANN] could use some external force now that would require it
to rethink and reform in a democratic direction," Magaziner said.
ICANN has embarked on an internal reform plan, but that plan abandons a
structure that would have allowed ordinary Internet users to elect a
portion of the ICANN board. ICANN President Stuart Lynn has openly
criticized online elections, and has said that ICANN is not an "exercise in
global democracy."
Magaziner said that while he has not been closely following ICANN's reform
effort, he would disapprove of a plan that abandoned democratic involvement
from individuals and non-governmental organizations (NGOs).
"I think there needs to be a broader representation of consumers and NGOs
than now exists," Magaziner said.
But Joe Sims, ICANN's outside attorney, said Magaziner is too far removed
from the ICANN process to see the problems the organization has had with
online elections and the steps it has taken to include public voices in its
processes.
"We spent three years throwing time and energy down the direct election
rat-hole," Sims said. "I think if Ira was more knowledgeable about [ICANN's
recent history] he would have been more generous in his comments."
In 2000, ICANN's sole attempt to hold global online elections resulted in
the appointment of five board members (a minority on ICANN's 19-member
board) to serve five global regions. Two of those elected members have been
among ICANN's staunchest critics.
Lynn has argued that Internet elections -- the only sort ICANN can
reasonably afford -- are dangerous and subject to capture by special
interest groups.
Sims said ICANN's reform proposal, which calls for an internally selected
nominating committee to choose most of the ICANN board, addresses concerns
surrounding public representation without falling into the pitfalls of
direct elections.
Magaziner said while he did not think ICANN should become a full-fledged
global democracy modeled on the United Nations, it also should avoid
becoming too autocratic.
"A U.N. process would be too slow," he said. "On the other hand, to say
that a small group of people, whoever they are, can make decisions without
democratic processes goes too far the other way."
"I know [democratic processes] make it a less tidy process, but you need
it," he said.
Magaziner stopped short, however, of endorsing a proposal put forth by some
of today's speakers that would call for the Commerce Department to re-bid
the agreements under which ICANN operates the DNS.
"I'd hate to go back to where we were" before ICANN was created, Magaziner
said.
***************************
Washington Post
Bush Admin. Unveils Wireless Plan
By Matt Kelley
WASHINGTON -- The Pentagon has agreed to shift some military communications
to other frequencies, freeing up space in the airwaves for advanced mobile
phones and other wireless gadgets, the Bush administration announced Tuesday.
The plan is a victory for telecommunications companies that want a bigger
piece of the airwaves to offer enhanced services such as streaming video
and high-speed internet access to phones, handheld computers and other
mobile devices.
The Defense Department had balked at giving up any of the frequencies it
uses for military purposes, such as controlling satellites and guiding
precision weapons.
Under the plan announced Tuesday, the Pentagon would give up two chunks of
the spectrum, moving its uses to other frequencies by the end of 2008. The
wireless companies that buy the rights to the Pentagon's former frequencies
will pay for the transfer.
The National Telecommunications and Information Administration decided that
a third slice of the airwaves was too important to the Pentagon to free up
for commercial wireless uses.
The wireless industry cheered the compromise.
"It is a clear win for the economy, a win for consumers and a win for
national security," said Tom Wheeler, president of the Cellular
Telecommunications and Internet Association.
Wireless companies have been pushing to free up a specific range of
frequencies that other countries plan to use for advanced wireless
features. That would make it possible for someone to buy a phone or other
handheld device here and roam internationally with it.
But in the United States, most of the space in that band of frequencies is
occupied by the military and used for such systems as satellite controls,
aircrew combat training and precision weapons guidance. The Pentagon had
resisted making the change, saying to do so would harm national security
and take until 2017.
Steven Price, the Pentagon's top official on the issue, said in a statement
Tuesday the military is satisfied with the compromise.
The plan gives the military enough time, and enough space elsewhere in the
spectrum, to shift its key functions without hurting its fighting
capabilities, Price said.
On the Net:
National Telecommunications and Information Administration:
http://www.ntia.doc.gov/
Cellular Telecommunications and Internet Association: http://www.wow-com.com/
Defense Department: http://www.defenselink.mil/
************************
Nando Times
Internet medicine trips up doctor
By STEVE WIEGAND, Sacramento Bee
SACRAMENTO, Calif. (July 23, 2002 4:17 p.m. EDT) - In the first case of its
kind in California, a doctor faces the loss of his medical license for
allegedly prescribing drugs illegally through the Internet.
Jon Steven Opsahl is accused of writing more than 8,000 prescriptions for
antidepressants and painkillers to patients he never examined.
The Medical Board of California alleges Opsahl prescribed the drugs, during
the course of a year, after talking on the telephone to patients from
around the country who were referred to him by operators of a Texas-based
Web site. According to the complaint, he received $60 for each consultation
sent his way by the Web site, called Office In A Snap.
The Medical Board contends Opsahl violated an 18-month-old state law that
bans physicians from dispensing potentially dangerous drugs via the
Internet without first conducting a "good faith examination." The board has
interpreted that phrase, in almost all situations, to mean an exam done in
person.
Law enforcement and health officials say Opsahl's case, which goes before
an administrative law judge Thursday in San Diego, is just the beginning of
what they expect will be a steady stream of confrontations between
traditional medical protocol and cyber-pharmacies.
"It's going to be a lot more common in the future," said Sanford Feldman,
the deputy attorney general representing the Medical Board.
Opsahl maintains that while patients were referred to him through the Web
site, the telephone consultations provided him with enough information to
responsibly prescribe the drugs, and in fact represent a more efficient way
of practicing medicine.
"I'm getting punished just because I didn't follow in goose-step marching
order an outdated medical model that insists on a physical exam that isn't
always necessary," he said.
There is no federal law regulating Web site pharmacies, leaving it to
individual states to determine what is legal or not in dispensing drugs
using the Internet.
Some sites, most of them approved by the National Association of Boards of
Pharmacy, require written authorization from a customer's physician before
filling prescriptions online.
But for a fee that can range from $40 to $120, many other sites offer to
fill a prescription, often through another Web site, following an online or
telephone consultation with a physician.
Others, especially sites based in other countries, require only that
customers check a box affirming they are at least 18 years old and don't
plan to abuse the drugs.
Internet pharmacies, known as "pill mills," send out thousands of
unsolicited e-mails promising few-questions-asked delivery of drugs. Those
who respond are directed to Web sites where they fill out questionnaires,
use credit cards to pay often-exorbitant prices, then wait for the pills to
be mailed.
To combat the pill mill problem, the California Legislature approved a bill
that went into effect last year. The law specifically bans filling
prescriptions via the Internet unless there was first a "good faith
examination" by a qualified physician. It sets a fine of $25,000 for each
prescription illegally approved by a California physician or filled by a
California-based Web site.
Two months ago, the pharmacy board used the law for the first time, to fine
a Los Angeles drugstore and two pharmacists for filling Internet
prescriptions without a medical examination. But the doctors involved were
from out of state and were not cited. The case is being appealed.
In addition to the legal problems they pose, non-accredited sites often
charge prices far above those charged at approved sites. One offshore
pharmacy, for example, recently was charging $129 for 50 tablets of Valium.
There is also the question of what you're getting.
"Drugs from those kinds of sites could be adulterated, they could be
expired, they could be anything," said Patricia Harris, executive officer
of the California Board of Pharmacy. "There's no guarantee they are
anything close to what they purport to be."
While the Food and Drug Administration sets standards for drug purity,
neither it nor any other federal agency does much to patrol Internet
pharmacies. California health and law enforcement officials say it's a
decidedly uphill battle to deal with sites that can be based anywhere in
the world.
In the Opsahl case, for example, the Web site that connected patients with
doctors for phone consultations was based in San Antonio. The site since
has closed, and a San Antonio phone number for the company has been
disconnected.
Absent an overriding federal law, state officials rely on each other to
chase down rogue Internet physicians and pharmacies.
The Federation of State Medical Boards has run a clearinghouse for medical
boards and law enforcement for the last two years, where state officials
can trade information.
Although Opsahl is the first California physician to face disciplinary
action for prescribing via the Web, Medical Board spokeswoman Candis Cohen
said formal charges have been filed against two other doctors in California
and 25 other investigations are under way.
Opsahl acknowledged that he did prescribe the antibiotic Cipro over an
Internet site without a telephone consultation after the
anthrax-in-the-mail scare of last October, but he said he stopped after
being ordered to by the Medical Board.
Administrative Law Judge Stephen Hjelt, in an April order that suspended
Opsahl's license until his case is heard, took a different view.
"Respondent's belief that talking over the phone with patients satisfied
the requirement of a good faith examination is profoundly disturbing and
demonstrates a combination of incredible arrogance and a woeful lack of
judgment," Hjelt wrote.
If Opsahl is found guilty, the Medical Board can take a wide range of
actions, from placing him on probation to stripping him of his license.
Whatever happens, Deputy Attorney General Feldman said, "this won't be the
last case of its kind in California."
*************************
Information Week
Experts Seek Liability Protections To Improve Cybersecurity
By Ted Bridis, The Associated Press
Congress is being asked to provide protections from liability lawsuits,
antitrust restrictions, and public disclosure laws.
WASHINGTON--Experts in computer security, emboldened since Sept. 11 by
renewed attention to threats of cyberterrorism, are asking Congress for
protections from liability lawsuits, antitrust restrictions, and public
disclosure laws as companies begin sharing more sensitive information about
Internet attacks.
In stark testimony prepared for a hearing today by the Government Reform
subcommittee on government efficiency, some of these experts described the
risks that foreign hackers one day soon may attack the computerized systems
controlling the nation's electrical or water networks.
"Today, some say it would be easier for a terrorist to attack a dam by
hacking into its command-and-control computer network than it would be to
obtain and deliver the tons of explosives needed to blow it up," said
Stanley 'Stash' Jarocki, who heads a threat-warning network established by
some of the country's largest financial institutions. "Even more
frightening, such destruction can be launched remotely, either from the
safety of the terrorist's living room, or their hideout cave."
Another expert, Joseph Weiss of KEMA Consulting, complained that not enough
has been done in the months after the Sept. 11 terror attacks to buttress
cybersecurity, while the government's primary focus has been to improve
physical security around buildings, airports, and other facilities.
These experts said that even as new vulnerabilities are discovered in
modern technology, companies increasingly are connecting vital systems via
the Internet because of cost-savings and efficiency.
"Companies have the capacity to manage their infrastructure with
never-before-seen ease," said Marc Maiffret, the co-founder of eEye Digital
Security Inc., which sells security software. "Fifteen field offices can be
managed from one central location."
Maiffret said this newfound convenience presents unprecedented risks. "The
attack would be able to take advantage of the functionality ... to seize
control of a power plant, a water-treatment plant, a dam, or even an
amusement park," he said. Maiffret recommended all employees within
companies that operate important systems undergo background checks, in some
cases as rigorous as ones needed for government clearances.
But Maiffret added that this threat largely remains a distant one.
"Terrorists are only recently starting to realize the benefits of having
people within their organizations that have real hacking skills."
Douglas Thomas, an associate professor of communications at the University
of Southern California, agreed that while the U.S. government needs to pay
attention to these threats, media reports often exaggerate the risks.
"Cyberterrorism is a lot more difficult than many people assume."
Jarocki, the security expert for banks, urged the panel to approve new
legislative protections for companies willing to share information among
themselves and with government. He said new rules are needed, similar to
Y2K liability protections, when customers were prohibited from suing a
company if it could demonstrate that it made good-faith efforts to keep its
computers running safely.
"The sharing of information may lead to liability lawsuits against the
company or its officers and directors," Jarocki said. "The chilling effect
of potential liability lawsuits on voluntary speech cannot be underestimated."
He also asked for exemptions under antitrust laws to protect companies
sharing information about Internet attacks among competitors, and for
exemptions under the U.S. Freedom of Information Act to protect any
disclosures companies might make to government agencies about attacks.
Another expert, Alan Paller of the SANS Institute, recommended that
Congress require all federal agencies to measure the security of their
computers against minimum requirements. He also said that experts hired to
identify weaknesses in computer networks should make the necessary changes
to fix any such problems.
**************************
Info World
Study: database developers see Internet as critical
By David Legard
THE INTERNET REMAINS critical for companies accessing and collecting
commercial information and dominates the plans of businesses seeking new
and improved methods for tapping their mission-critical data, according to
a survey of database developers carried out recently by market research
company Evans Data.
While the commercial Internet industry flounders, and even as IT budgets
contract, database specialists see as increasingly important strategies for
managing Web-based data -- including real-time updating, data collection
and dynamic page creation, according to the results of the survey of over
700 North American database specialists.
According to Evans Data's Summer 2002 Database Developers survey, 72
percent of database developers rate dynamic page creation as critical, and
72 percent also regard automatic site updating as important.
The mobile area is also garnering attention, with 47 percent of survey
respondents indicating that they are developing database applications that
support wireless or handheld devices, or plan to do so within 12 months.
This figure indicates a much stronger focus on mobile Internet-based
applications than was seen in last year's survey, with PDAs (personal
digital assistants) being the favored platform to develop applications for,
Evans Data said.
But direct security breaches against databases have increased over the past
year, with 20 percent of respondents reporting a breach, up from 12 percent
in the last survey conducted six months ago. The most common form of attack
was from external viruses, according to the survey respondents.
Many of the respondents said they had beefed up their security systems,
employing a variety of methods to protect data. The most popular security
technology was network authentication/firewall, used in 83 percent of the
surveyed sites, followed by operating system-based security features (74
percent), regular changes of passwords (63.2 percent), built-in database
security features (37.3 percent) and directory service (27.4 percent).
************************
Info World
OASIS forms WS-Security committee
MICROSOFT AND IBM moved one step closer to turning their security
specification into a standard on Tuesday.
Clearing a significant hurdle for the WS-Security standard to gain
recognition as a trusted means for applying security to Web services,
standards body OASIS (Organization for the Advancement of Structured
Information Standards) formed a technical committee to give vendors a crack
at the immature specification.
First published in April as part of a working partnership between
Microsoft, IBM, and VeriSign, the WS-Security specification defines a
standard set of SOAP extensions, or message headers, which can be used to
set and unify multiple security models, mechanisms, and technology -- such
as encryption and digital signatures for instance -- onto Web services
applications which traverse the Internet.
Aside from an initial WS-Security road map, the trio also proposed
specifications yet to come that address a variety of other security,
policy, messaging, and trust issues associated with Web services security.
They include WS-Policy, WS-Trust, WS-Privacy, WS-Secure Conversation,
WS-Federation, and WS-Authorization.
The first meeting of the technical committee is slated to be held the first
week of September and hosted by Sun Microsystems, said officials of the
Billerica, Mass.-based OASIS standards consortium in a statement on Tuesday.
"We are encouraged to see Microsoft and IBM contributing their
specification under royalty-free terms to OASIS," said Bill Smith, director
of Liberty Alliance Technology at Palo Alto, Calif.-based Sun Microsystems
in a statement. "It will now be possible for the community to evaluate and
build upon this technology out in the open."
Largely due to its reluctance to join the IT and vertical vendor-led
Liberty Alliance Consortium and its mission to create a standard for
federating identities online up until last week, Microsoft has been
criticized by many in the past for a perceived heavy proprietary leaning
toward Web services security. The Redmond, Wash.-based software behemoth,
however, is slowly warming up to open-source efforts at the behest of some
very large financial and corporate customers unwilling to be squeezed out
of any standards that emerge, said John Pescatore, vice president and
research director of network security at Stamford, Conn.-based Gartner.
"In the financial world, big banks and credit card vendors have been very
aggressive; they don't want proprietary control. In a lot of large
enterprises, United and people of that ilk have been part of the Liberty
committee. That's been the mechanism -- where they've been big buyers of
Microsoft technology and are telling Microsoft 'we want these two
[standards] to work together,'" Pescatore said. "But I think we need to see
that pressure ratchet up here."
From the non-Microsoft side, Pescatore said it is not surprising that
vendors such as Sun and other Liberty members pursued OASIS WS-Security
technical committee membership due to vested interests and plugging
particular holes the Liberty Alliance specification 1.0 is not designed to
answer.
"WS-Security is technologically neutral and really needed. Sun and Liberty
have to make sure that WS-Security stays open and they're onboard. I think
this is why you see them trying to leap on here ... it's a reactive mode,"
he added.
Pescatore contends that the true vendor "battle" over specifications will
arrive after the other WS-Security road map, or "undefined layers," begin
to be revealed. He said the overly complex remaining layers could lead IBM
and Microsoft to lean too much toward .Net and Kerberos.
The WS-Security specification will be engaged and advanced by BEA Systems,
Sun Microsystems, IBM, Fujitsu, Intel, SAP, Commerce One, webMethods,
TIBCO, IONA, Novell, Oblix, VeriSign, Blockade Systems, OpenNetwork, XML
Global, Perficient, Documentum, SeeBeyond, Sonic Software, as well as other
OASIS members.
*************************
News Factor
What is Grid Computing, any way?
One good way to gauge a new technology's degree of acceptance is to observe
whether it has moved out of the laboratory and onto store shelves -- from
science to commerce. According to that measure, grid computing is just
coming of age. Often called the next big thing in global Internet
technology, grid computing employs clusters of locally or remotely
networked machines to work on specific computational projects. [Full Story,
see http://www.newsfactor.com/perl/story/18722.html]
************************
BBC
How random is pi?
Mathematicians have achieved a major step towards answering the question of
whether numbers like pi and other mathematical constants are truly random
and for the first time linked number theory with chaos theory.
It is not just a mathematical curiosity they say. Proving that pi never
repeats itself would be a major advance in our theory of numbers.
It may also allow the construction of unbreakable codes based on long
sequences of random numbers.
The value of pi is known to 500 billion places. No cyclic patterns have
been found and if mathematicians are correct none will ever be found no
matter how many digits are calculated.
Hypothesis A
Pi, the ratio of a circle's circumference to its diameter, has been known
for thousands of years to be mystifying. Some ancient Greeks built a
religion around it.
Pi is a ubiquitous number whose first few digits are the well-known
3.14159. Pi will go on forever...
All numbers of the same number of digits inside pi occur with the same
frequency: 234 appears as often as 876, and 23,568 as often as 98,427.
Mathematicians call such a number that behaves this way "normal".
Other normal numbers are the square root of 2 and the natural logarithm of 2.
According to David Bailey, of the Lawrence Berkeley National Laboratory in
the US, the normality of certain maths constants is a result of some
reasonable conjectures in the field of chaotic dynamics.
Chaotic dynamics states that sequences of numbers of a particular kind
dance between two other numbers - a conjecture called "Hypothesis A".
Still with me?
The fact is that not a single instance of a number like pi has ever been
proved normal. Mathematicians, it seems, are pretty fed up that they cannot
do this.
This is where Hypothesis A comes in and a strange discovery made six years
ago.
That discovery was made by David Bailey and Canadian mathematicians Peter
Borwein and Simon Plouffe. They wrote a computer program that calculates an
arbitrary digit of pi without calculating any of the preceding digits -
something that was thought impossible.
The connection between BBP and Hypothesis A is that the BBP program
produces just the kind of behaviour that the hypothesis predicts.
Bailey says: "At the very least we have shown that the digits of pi appear
to be random: because they are described by chaos theory."
Practical spin-offs of this seemingly arcane research include random number
generators and cryptography.
**********************
Euromedia.net
Mapping out the future of Russian internet
The Russian Communications Ministry has ordered the Department of
Information to hold a tender on forecasting the development of the Russian
internet segment throughout 2010.
A report based on this research will be heard at a meeting of the board of
the Scientific and Technical Council of the Russian Communications Ministry
in March 2003.
The council stresses the necessity of rendering state support for socially
important services like distance learning, employment, public and personal
security on the internet.
************************
Sydney Morning Herald
Govt 'trying to prevent scrutiny of Net censorship laws'
The Federal Government is moving to prevent scrutiny of its Internet
censorship laws which have been a dismal failure, according to the
Australian Democrats.
In a media release, Australian Democrats IT spokesperson, Senator Brian
Greig, said these changes would enable any government department to block
legitimate public access to records simply by saying the records contained
offensive material.
"Currently, the Broadcast Services Act allows the Australian Broadcasting
Authority (ABA) to order websites to be banned under a very broad
definition, but so far, its excesses have been monitored and curtailed by
online civil liberties organisations such as Electronic Frontiers
Australia," Senator Greig said.
"To date, this has been done through the legitimate use of the FOI Act.
However, the Government's proposed changes to the FOI laws mean the ABA
will be able to hide behind the Act in all its decisions and be protected
from genuine public scrutiny".
"This knee jerk reaction from the Government is a direct response to
probing questions from the Australian Democrats and the Electronic
Frontiers Australia into the workings of the ABA," Senator Greig said.
"Back in 1999 changes to the Broadcasting Services Act forcing the ABA to
apply unworkable censorship laws to the Internet were criticised by the
Australian Democrats.
"The application of those unworkable laws was so embarrassing to the
Government, it now sees the need to introduce these changes to the FOI
legislation."
***********************
Sydney Morning Herald
British government backs Open Source
The British government has decided to consider Open Source solutions
alongside proprietary ones in its IT procurement and award contracts on a
value for money basis.
The policy, published by the Office of Government Commerce (OGC) and made
available by the Office of the e-Envoy was announced on Monday, nine days
before the deadline set by Microsoft for businesses to switch to its new
licensing scheme.
The policy document said that for interoperability, the government would
use only products that support open standards and specifications.
Further, it would consider obtaining full rights to software code or
customisations of proprietary software it procured and explore the
possibilities of using only Open Source software for government-funded R&D
software.
The policy was justified by citing the need for value for money,
flexibility in development, ownership and security of government systems.
In the last named, a reference was made to a Gartner report on the Nimda
worm which infects Microsoft's Internet Information Server software.
The document said the OGC would update procurement guidelines to reflect
this policy.
**********************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx