Clips September 16, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips September 16,
2003

ARTICLES

Wisconsin enters VoIP fray
Universities Pushing Online Applications
CDC to consolidate hot lines
'NET Guard:' An idea still waiting for its time to come 
Government unveils computer emergency response team 
DHS partners with CERT/CC to fight cyberattacks
VeriSign launches 'suggestion service' for Web typos

*******************************
CNET News.com
Wisconsin enters VoIP fray
Last modified: September 15, 2003, 3:20 PM PDT
By Jim Hu 

Wisconsin regulators have informed Santa Clara, Calif.-based 8x8 that its
Packet8 Internet voice-calling service is subject to the same rules as
traditional phone companies, marking the second major move by a state
against Internet-based phone operators. 
The company said that the Wisconsin Public Service Commission (WPSC)
informed it by letter last week that 8x8 cannot provide voice-calling
services within Wisconsin without the commission's certification, and
that Packet8's bills for all voice calls within the state are void.

Wisconsin's letter signals increasing regulatory scrutiny of Internet
voice calling, and follows a similar warning issued to voice over
Internet Protocol (VoIP) provider Vonage in Minnesota last month.
Michigan's Public Utilities Commission ordered that New Jersey-based
company to immediately pay fees to support 911 service. 

A representative for 8x8 said Wisconsin's interpretation of its Packet8
service goes beyond VoIP, with wide ramifications for Internet-based
services in general. 

The WPSC "could potentially regulate e-mail because they don't
distinguish between data communication and telephone communication,"
Huw Rees, a spokesman for 8x8 said. "It seems to be a lot of
confusion to how and whether or not to regulate these types of
services." 

Rees said 8x8 will respond to the WPSC within 30 days. 

The decisions strike at the heart of an increasingly controversial
question concerning VoIP services: Should phone calls that use the
Internet rather than the traditional public telephone network be
regulated as a telecommunications service or an Internet service?

Consumer VoIP services are still in their infancy, but analysts predict a
major shift away from traditional phone services to Internet-based rivals
in the coming years. Treating Internet voice calls like data could have a
major impact on taxes and other revenue from traditional phone services,
with enormous potential fallout for programs such as universal service
and the e-rate fund, a federal program that subsidizes Internet access
for schools and libraries. These programs are funded through taxes on
telephone calls. 

The issue is still largely undecided. VoIP providers argue that their
services should be considered data, since they travel over the same path
as Web traffic. 

Advocates of the technology submitted a petition earlier this year to the
Federal Communications Commission seeking a declaratory ruling that VoIP
providers are Internet services, and therefore beyond the reach of
ordinary telephone regulations. Last year, the agency made just such a
determination in the case of cable broadband providers. 

A representative of the Wisconsin Public Service Commission did not
immediately return calls seeking comment. 
*******************************
Los Angeles Times
Universities Pushing Online Applications
UC and Cal State plan to switch the process to the Internet in 2005.
Exceptions will be made if students lack computer access.
By Stuart Silverstein
September 16, 2003

Paper applications are becoming a thing of the past for students hoping
to attend California's two public university systems.

The California State University and University of California announced
Monday that they would urge everyone seeking undergraduate admission to
apply via the Internet, starting with students entering in the fall of
2005.

CSU and UC are calling the online applications a requirement, but they
will allow exceptions for students who say they lack access to the
Internet.

Although most American colleges and universities already accept
applications via the Internet, CSU and UC are believed to be the first
big U.S. universities to ask all students to submit their materials
electronically, admissions experts said. 

The practice is already widespread at the California university systems.
For this fall's incoming class, UC reported that 68.4% of its
applications were online, while CSU estimated that its percentage was 80%
to 90%. 

Admissions officials and student advocates generally welcomed the move,
although some expressed concern that it could put low-income students
without readily available Internet access at a disadvantage.

One of the chief benefits, admissions officials said, is that the online
process helps colleges and universities cut costs  CSU, for
instance, said it would stop printing 2 million paper applications per
year.

Electronic applications also can speed the universities' evaluation of
prospective students.

In addition, the online systems cut paperwork errors sometimes made by
students or by admissions office employees who type information from
paper applications into computers. The online systems can alert students
who leave required answers blank or who make inadvertent mistakes,
admissions officials said. 

CSU and UC officials said they would provide paper applications, upon
request, for students who are unable to gain access to the Internet or to
print out the applications from the university systems' Web sites. They
pointed out, however, that students who do not have Internet access at
home might be able to apply online using computers at their schools,
libraries or community centers.

Broader use of online applications "is going to make it easier for
students to apply error-free," said Allison G. Jones, a CSU
assistant vice chancellor.

"It's convenient, it's available 24 hours a day, seven days a
week," said Susan Wilbur, director of undergraduate admissions at
the Oakland headquarters of the UC system.

"It's also easy. Students are very familiar with using the Internet.
They are increasingly comfortable with completing these kinds of forms
online."

A poll last year by the National Assn. for College Admission Counseling,
an organization of high school counselors and college admissions
officers, found that 93% of the schools it surveyed offered the option of
applying online, up from 79% three years earlier.

Judy Hingle, director for professional development with the association,
said online applications reflect the need for students to be computer
proficient. "It's a way of life on college campuses these
days," she said. "Students very often e-mail papers to
professors And the professor may e-mail back comments." 

Merriah Fairchild, a higher education advocate for the California Public
Interest Research Group, said the online application process also helps
students locate information about application deadlines, financial aid
and other key information.

"Most students, in this day and age, are very comfortable on the
Web, and so this plays to their strength," she said. At the same
time, Fairchild said her organization would monitor the CSU and UC
programs to make sure they "don't create another barrier" for
students who aren't Internet-savvy.

Barmak Nassirian, associate executive director of the American Assn. of
Collegiate Registrars and Admissions Officers, said the move by CSU and
UC is certain to start a trend  if it's successful. He said that
some colleges and universities have held back on making a "wholesale
conversion" to online-only systems because of concerns about the
ability of all students to apply electronically. Nassirian praised CSU
and UC for continuing to accept paper applications.
*******************************
Federal Computer Week
CDC to consolidate hot lines
Contact center will save agency money and provide single face to
public
BY Sara Michael 
Sept. 15, 2003

The Centers for Disease Control and Prevention, as part of an initiative
to play a more proactive role in homeland security, plans to simplify how
the public gets information about diseases.

The agency will soon release a request for proposals to merge its
three-dozen hot lines into a single contact center.

CDC annually receives about 3 million inquiries through phone calls,
e-mail and written mail. The consolidated center will bring consistency
to the calls, save money for the agency and provide a single face to the
public, officials said.

Much of CDC's organization and funding have followed disease or topic
lines, such as HIV/AIDS or cancer. The call centers also are set up by
topic and separately managed in-house or by contractors, said James
Seligman, CDC's chief information officer.

"Right now, true to our usual organization preferences, we have a
highly distributed business model," Seligman said.

With the new hot line (1-800-CDC-INFO), callers can make one call for
answers to a variety of questions, he said. The new hot line, in addition
to a Web site redesign that is in the works, is another way the agency is
increasing its visibility.

The contact center will eventually include centralized e-mail and mail
intake, although the cost and goals of the project have not been
determined. CDC officials will leave many details to the potential
service providers but will evaluate proposals based on industry best
practices, Seligman said.

"We don't have any preconceived outcomes, but we will be looking for
innovation on [customer relationship management] tools, knowledge
management tools and workflow tools," he said.

Callers will receive more responsiveness and consistency through the new
service. A single center will allow for better coverage and enhanced
services, such as multilingual options and services for callers who have
hearing impairments, Seligman said.

A centrally managed contact center will also allow CDC officials to
quickly increase the number of call takers during emergencies or disease
outbreaks. "We don't have to scramble as hard to get enough people
there," said Dottie Knight, project manager for the consolidated
consumer services contract. The contractor "has to scale their
resources to handle a fluctuation in volume."

"Name the outbreak and you see a surge in activity," Seligman
said.

The goal of the consolidated center is to have 80 percent of calls
answered by a first-level call taker, Knight said. Second- and
third-level call takers will be available if more expertise is
needed.

"The knowledge base continues to build," she said. "The
response goes into the knowledge base, and perhaps [a call] won't have to
be transferred next time."

The biggest challenge to this initiative will be teaching a vendor's
employees the vast amount of information that is available at CDC,
Seligman said. The call takers must be familiar with the information so
they can ask the proper questions and enter the right keywords to get
answers. Call takers will need to understand that many topics require
special sensitivity, such as HIV/AIDS or other sexually transmitted
diseases, Seligman said.

"In some health condition areas, there is a very high degree of
sensitivity in them," he said. "The kinds of sensitivities and
counseling the customer service representatives need to have [are] very
paramount." 

Knight said CDC officials hope to have current call takers participate in
training the new contractor. Brian Bingham, manager for customer care
research at IDC, said contractors often hire former call takers to assist
in training. "It can be tricky, but there are ways around it,"
he said.

 From a technical standpoint, routing hot lines won't be hard, but
officials should focus on the business process of creating an
easy-to-understand system, Bingham said. Building a clearly delineated
path so callers know where to go and what direction they need to be
routed will make calls more successful.

He said the consolidated hot line is sure to increase the agency's
visibility and the public's understanding of the agency. "By
creating a central port, it creates consolidation and conformity, so it's
one-stop shopping," Bingham said. "When you call one number,
you [will] realize, 'Oh, gee, the CDC does all these
things.'"

***

Taking all calls 

The Centers for Disease Control and Prevention has issued a request for
proposals for a consolidated contact center and is seeking industry ideas
on:

* Customer relationship management.

* Performance measures.

* Reliable and confidential call handling.

* Changes in call volume related to health emergencies and news
events.
*******************************
 Government Executive
September 15, 2003 
'NET Guard:' An idea still waiting for its time to come 
By Chloe Albanesius, National Journal's Technology Daily 

Shortly after the 2001 terrorist attacks in New York, Washington and
Pennsylvania, Sen. Ron Wyden, D-Ore., took to the Senate floor to tout a
novel idea. 


"What this country needs," he said in a floor statement on
improving emergency information systems, "is essentially a
technology equivalent of the National Guard: a National Emergency
Technology GuardNET Guardthat in times of crisis would be in a position
to mobilize our nation's information technology community to action
quickly." 


About a year later, the Senate passed a bill to create the NET Guard by
voice vote, and President Bush ultimately endorsed the idea as part of
the law creating the Homeland Security Department. But nine months after
that act was signed, the volunteer IT teams exist only on paper and the
idea appears to be on the backburner at Homeland Security. 


The plan, spearheaded by Wyden and Sen. George Allen, R-Va., calls for
the department to implement a system for forming local teams that would
be willing to help in the event of a major systems or network crash.
Homeland Security also is tasked with developing certification criteria
that all volunteers must meet. 


The statute that created the department, however, says only that the
undersecretary for information analysis and infrastructure protection, a
job currently held by Frank Libutti, "may" establish NET Guard
and does not specifically demand it or put a timetable on creating it.
Thus far, no action has been taken, apparently due to Homeland Security's
preoccupation with the war in Iraq. 


The Senate confirmed Libutti to the post in June, and a department
spokesman could not provide an update on the status of NET Guard.


Wyden's spokesman said the senator certainly will "make a push to
see that these provisions [of the law] are put into use. He worked to
include these provisions because the private sector has an important role
to play." But the spokesman added that Homeland Security is still a
new department in the thick of reorganization. 


He praised the willingness of companies and individuals "who wanted
very much to help shoulder the burden faced by the emergency-response
community" after the 2001 terrorist attacks and said that whether or
not NET Guard exists, Wyden "believes that America should be ready
to avail itself of those resources to supplement our first responders'
efforts if a crisis strikes again."
*******************************
Government Executive
September 15, 2003 
Government unveils computer emergency response team 
By Drew Clark, National Journal's Technology Daily 

The Homeland Security Department on Monday announced the creation of a
U.S. Computer Emergency Response Team that is designed to become the
country's premier "CERT," superseding the private-sector center
long run by Carnegie Mellon University. 


Homeland Security officials said the CERT would "begin as a
partnership" between the National Cyber Security Division within the
department and Carnegie Mellon's CERT Coordination Center. 


"The U.S. CERT will become the dominant CERT within the
community," said Robert Liscouski, Homeland Security assistant
secretary of infrastructure protection. He said the center wants to
reduce the government's response time for detecting and responding to
computer viruses and worms to 30 minutes by the end of 2004. 


Liscouski also formally announced that Amit Yoran, Symantec's vice
president of managed security services, has been named as the
department's cybersecurity director, a nomination reported last week in
National Journal's Technology Daily. Tech industry officials offered
praise for Yoran, who will be responsible for the U.S. CERT. 


The announcements were made at a breakfast sponsored by the Information
Technology Association of America (ITAA) and were greeted politely by
technology industry officials. But Liscouski alluded to the fact that the
technology industry has criticized the Bush administration's attention
thus far to cybersecurity within the department. 


"Do we have the right emphasis on cybersecurity?" he asked
rhetorically. "We have not buried it." 


At the same time, some in the audience expressed nervousness about one of
the goals for the center identified by Liscouski: to "develop
standards to provide us detection methods and tools" for reducing
the warning times on viruses. 


Asked about whether establishing a government CERT will mean less
cooperation with the private sector, ITAA President Harris Miller said,
"It will be more collaborative, not less." Carnegie Mellon
President Jared Cohen pledged to work cooperatively with Homeland
Security.

Established in 1988 to serve as an early-warning system on computer
threats, the Carnegie Mellon CERT is part of the university's Software
Engineering Institute and is funded by the Defense Department. In recent
years, the center has been criticized for its co-sponsorship of the
Internet Security Alliance (ISA), which is affiliated with the Electronic
Industries Alliance. 


Mary Ann Davidson, chief security officer for Oracle, said the team has
been "tarnished by selling advanced information of
vulnerabilities" to ISA subscribers. She asked Liscouski whether the
U.S. CERT would offer "equal access, equal opportunity" to
information about vulnerabilities or whether information would be
distributed on a sector-by-sector basis.

"This is an attempt to be across the board and have everyone
learn" simultaneously about vulnerabilities, Liscouski said.
Davidson expressed satisfaction with the reply.

This "shows the [Homeland Security Department] is starting to really
get organized and implement programs to counter cybersecurity
problems," said Dan Burton, vice president of government affairs for
Entrust.

The department "should get credit for working hard on cyber issues
and taking them very seriously and reaching out to industry," said
Bill Guidera, Microsoft's policy counsel. 


Rep. Adam Putnam, R-Fla., praised the new initiative, noting that
currently, "the United States is not adequately prepared to ward off
a serious cyberattack that could cause severe economic
devastation."
*******************************
Computerworld
DHS partners with CERT/CC to fight cyberattacks

The goal is to improve information sharing about cyberthreats 

Story by Linda Rosencrance 

SEPTEMBER 15, 2003 ( COMPUTERWORLD ) - The Department of Homeland
Security announced today that it is partnering with Carnegie Mellon's
CERT center to help coordinate efforts to prevent and defend against
cyberattacks. 
The new organization, which will involve the department's National Cyber
Security Division, will coordinate the prevention of, protection from and
response to cyberattacks. 

The university's CERT Coordination Center (CERT/CC) issues advisories
about security vulnerabilities in software, warns of virus and worm
outbreaks, offers tips on keeping computer systems secure and helps to
coordinate responses to some security incidents. 

Jeffrey Carpenter, manager of CERT/CC, said US-CERT will bring together
various organizations that work on Internet security issues to
collaborate and share information better than has been done in the past.

"We're looking at bringing together as partners in US-CERT other
computer security incident response teams, managed security response
teams and other organizations that are focused on Internet
security," he said. 

US-CERT will work to provide communication and sharing mechanisms to
allow that community of people to talk, share information and, when
there's a major security event, to be able to analyze and disseminate
information faster than has been done before, according to Carpenter.

"This new center for cyber security is a key element to our national
strategy to combat terrorism and protect our critical
infrastructure," said Secretary of Homeland Security Tom Ridge in a
statement. "The recent cyber attacks such as the Blaster worm and
the SoBig virus highlight the urgent need for an enhanced computer
emergency response program that coordinates national efforts to cyber
incidents and attacks."
*******************************
Computerworld
Symantec VP picked as U.S. cybersecurity czar
Amit Yoran has won high marks for his work at Symantec 
Story by Paul Roberts

SEPTEMBER 15, 2003 ( IDG NEWS SERVICE ) - Security software industry
veteran Amit Yoran is expected to be named the new head of federal
cybersecurity by the U.S. Department of Homeland Security (DHS) tomorrow.

Robert Liscouski, the DHS's assistant secretary of homeland security for
infrastructure protection, named Yoran as the agency's new cybersecurity
czar in comments today at a forum hosted by the Information Technology
Association of America, according to a DHS spokesman. 

But DHS declined to comment specifically on the appointment, pending the
release of an official statement tomorrow. 

Yoran helped to found network scanning company RipTech Inc. in
Alexandria, Va., in 1998. After RipTech was acquired by antivirus giant
Symantec Corp. for $145 million in August 2002, Yoran stayed on as
Symantec vice president of worldwide managed security services
operations, according to Symantec spokesman Cris Paden. 

Yoran was well regarded there, Paden said. "He definitely knew what
he was doing. He was somebody who brought an enormous set of skills with
him," he said. 

While the DHS refused to comment today because the official announcement
won't happen until tomorrow, the software industry raced to embrace one
of its own after word of Yoran's impending appointment spread. 

The Business Software Alliance (BSA), a leading software industry group,
lauded the choice, saying Yoran's experience in the software industry
will help build the public-private partnerships that are necessary to
prevent attacks on the nation's critical infrastructure. The BSA is
pleased about his appointment to "such a vital role," BSA
President and CEO Robert Holleyman said in a statement. 

A graduate of the U.S. Military Academy at West Point, Yoran designed
security architecture for the Pentagon and served as director of the
Vulnerability Assessment and Assistance Program for the U.S. Department
of Defense Computer Emergency Response Team before founding RipTech.

That technical background should serve him well in his new post, said
Alan Paller, director of research at the SANS Institute Inc. Having a
tech-savvy chief will make it easier for companies with information on
vulnerabilities or cyberthreats to approach the DHS. It will also make it
easier for the DHS to attract desperately needed technical resources.

"Amit gets it technically, and he's proven he can manage
difficult-to-manage technical people and make a pretty good environment
for them to work in," Paller said. 

Yoran's links to the antivirus community might also make him less
hospitable to software makers that produce products with bugs, he said.
That might help Yoran in what Paller sees as the cybersecurity chief's
biggest challenge: encouraging government regulators to get tough with
software companies about security. 

Disagreements over that issue and the relatively low position of the
cybersecurity chief within the DHS hierarchy are widely reported to have
forced Yoran's predecessor, Richard Clarke, from his job in January (see
story
http://www.computerworld.com/governmenttopics/government/story/0,10801,77927,00.html)
*******************************
USA Today
VeriSign launches 'suggestion service' for Web typos
September15, 2003

NEW YORK (AP)  Mistype a Web address, and the generic error message
that appears in your browser window offers few clues about how to reach
the site you're seeking. 
VeriSign, which directs traffic for much of the Internet, launched a
service Monday that will change all that. For mistyped addresses for
which no Web site exists, it will offer you a list of likely
alternatives. 

Critics complain that the new service, Site Finder, gives a private
company too much control over online commerce and lets it profit from an
essential monopoly over ".com" and ".net" names.

"It goes against the philosophy of consumer choice," said
Michael Froomkin, a University of Miami law professor who follows domain
name matters. 

Vinton Cerf, one of the Internet's main designers and chairman of a a key
oversight board for domain names, said the service could violate
long-standing Internet standards. 

Several Internet service providers, including America Online, already
offer similar services for their customers, and Microsoft's Internet
Explorer browser sometimes directs mistyped queries to its MSN search
engine. 

But because AOL and Microsoft ultimately get information about
".com" and ".net" names from VeriSign's directory
computers, VeriSign could intercept such queries and direct them to Site
Finder. 

Although VeriSign officials say Internet providers can set up their
domain name systems to bypass Site Finder, a test Monday by The
Associated Press using both AOL and Microsoft's browser showed such
bypassing did not always occur. 

And AOL complained. 

"We put so much of our research into developing this (AOL) search
result page," AOL spokesman Andrew Weinstein said. "We are
reviewing our potential options. We are strongly opposed to them
interjecting themselves into our members' search experience."

The service affects only ".com" and ".net" names and
won't kick in when someone has already claimed variations that are one or
two letters off. Typing "disbey.com"  with a "b"
instead of an "n"  gets you a Web site that already
registered the name. 

But as of Monday afternoon, "earthfink.net" was not registered.
Typing in that name got Site Finder's suggestions for
"earthlink.net" or "earthfind.com." Users can then
type a search query just as they do at Google or browse through
preselected categories. 

VeriSign began offering Site Finder on Monday, although it may take
another day or so before the company finishes activating it worldwide.

Ben Turner, VeriSign's vice president for naming services, described the
service as a way to "improve overall usability of the
Internet." 

People mistype ".com" and ".net" names some 20
million times daily, Turner said, and internal studies show "the
vast majority of users prefer a page like this than what they are getting
today." 

Danny Sullivan, editor of the Search Engine Watch online newsletter,
agreed that such a service could be helpful, though he said it could also
be abused  for instance, by directing users only to sites that pay
to be included. 

Currently, Site Finder sends lost Web surfers to both regular search
results and pay-for-placement listings, which are marked as such. Turner
said VeriSign was partnering with two search companies he would not name.

He would not disclose how much VeriSign would earn from those companies,
with which it has revenue-sharing arrangements. 

"Right now, VeriSign's business is not a growing business, and
anything that they do to add the slightest amount of growth is going to
be positive," said Gene Munster, an analyst with U.S. Bancorp Piper
Jaffray. 

SiteFinder is on the Net at sitefinder.verisign.com.
*******************************
.