Tags: Panel | Backs | Cybersecurity | R&D | Liability

Panel Backs Cybersecurity R&D, Liability

Wednesday, 09 January 2002 12:00 AM

The National Research Council made its recommendations in "Cybersecurity Today and Tomorrow," a report compiled by its Computer Science and Telecommunications Board.

"Information system vulnerabilities, from the standpoint of both operations and technology, are growing faster than the (U.S.) ability and willingness to respond," the report said.

Fingers can be pointed at pretty much everyone when it comes to defining the problems, the report said. Users focusing on ease-of-use over security; computer and software companies providing such features and not engineering them properly; companies unwilling to put people and resources into cybersecurity; and the government need to change their way of doing things, it said.

"The failure of the U.S. government's (secure computer) program, even within the federal marketplace, is a striking example," the report said. "The government demanded secure systems, industry produced them, and then government agencies refused to buy them because they were slower and less functional than ... systems available on the open market."

Although economic considerations might prompt changes eventually, the report suggested lawmakers could speed up the process. Currently, vendors are largely immune from liability if their products lead to a security hole.

The report said legislators could consider lifting some of that immunity to encourage change, and they also might require mandatory reporting of hacking events that threaten critical functions.

A multi-pronged approach to cybersecurity is needed, the report said. Network owners must create their own hacking "teams," outside of existing information technology departments, to check system integrity and help provide accountability for security personnel.

Vendors have to improve today's "miserably inadequate" network monitoring tools, so administrators can more easily spot unintended breaches caused by improper settings on individual computers.

"Because the benefits of successful security can be seen only in events that do not happen, resources devoted to security are 'wasted' in the same sense that resources devoted to insurance are 'wasted,'" the report said.

As far as ensuring individual users have proper access to those systems, the report suggested replacing security passwords with physical items, such as smart cards, and biometric identification such as fingerprints. Although these methods are not foolproof, the means of defeating them cannot easily be shared by the hacker community -- a card cannot be duplicated and e-mailed to hundreds of people at once, for example.

Computer and software makers also must simplify security for the average user, the report said, since most people (and even companies) lack any experience in the field. Systems should leave the factory with security features turned on, for example, so users have to make a conscious choice to turn them off.

Vendors also must be far more rigorous in testing products for possible holes before items are released to the public, the report said. Education and research would also play a vital role in improving cybersecurity, so lawmakers should increase funding for such endeavors, the report said. Congress is already taking steps in that direction.

Before going into holiday recess, the House Science Committee passed

Heidi Mohlman Tringe, the committee's communications director, said the NRC report is a welcome piece of support for the bill. The House Education Committee is also considering the bill, and the full House is expected to take up the matter after returning from recess, Tringe said.

Copyright 2002 by United Press International. All rights reserved.

© 2019 Newsmax. All rights reserved.

   
1Like our page
2Share
Pre-2008
The National Research Council made its recommendations in Cybersecurity Today and Tomorrow, a report compiled by its Computer Science and Telecommunications Board. Information system vulnerabilities, from the standpoint of both operations and technology, are growing...
Panel,Backs,Cybersecurity,R&D,,Liability
548
2002-00-09
Wednesday, 09 January 2002 12:00 AM
Newsmax Media, Inc.
 

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

NEWSMAX.COM
America's News Page
© Newsmax Media, Inc.
All Rights Reserved