Forwarded from: Jon Erickson <erickson.jon@gmail.com>
http://www.washingtonpost.com/wp-dyn/articles/A25583-2005Feb15.html
By Ted Bridis
AP Technologiy Writer
February 15, 2005
The Bush administration is considering making the National Security
Agency -- famous for eavesdropping and code breaking -- its "traffic
cop" for ambitious plans to share homeland security information across
government computer networks, a senior NSA official says.
Such a decision would expand NSA's responsibility to help defend the
complex network of data pipelines carrying warnings and other
sensitive information. It would also require significantly more money
for the ultra-secret spy agency.
The NSA's director for information assurance, Daniel G. Wolf, was
expected to outline his agency's potential role during a speech
Wednesday at the RSA technology conference in San Francisco. In an
interview preceding his speech, Wolf told The Associated Press that
computer networks at U.S. organizations are like medieval castles,
each protected by different-size walls and moats.
As the U.S. government moves increasingly to share sensitive security
information across agencies, weaknesses inside one department can
become opportunities for outsiders to penetrate the entire system,
Wolf warned. Attackers could steal sensitive information or
deliberately spread false information.
"If someone isn't working on being a traffic cop, giving guidance on
how secure they need to be, a risk that is taken by one castle is
really shared by other castles," Wolf said. "Who's defining the
standards? Who says how high the walls should be?"
The NSA already helps protect systems deemed vital to the nation's
security, such as those involved in intelligence, cryptography and
weapons. Wolf said the administration is considering whether to
designate its fledgling information-sharing efforts also under the
NSA's purview.
The White House Office of Management and Budget currently directs
efforts by civilian agencies to secure their computer networks.
The NSA's information security programs are highly regarded among
experts. "Bring it on. This clearly ought to be done," said Paul
Kurtz, a former White House cybersecurity adviser and head of the
Washington-based Cyber Security Industry Alliance, a trade group.
"This will raise the bar across the federal government to a far more
secure infrastructure."
Congress has directed the NSA and the Department of Homeland Security
to study the architecture and policies of computers for sharing
sensitive homeland security information.
In the latest blueprint for U.S. intelligence spending, lawmakers
warned that attackers always search for weak links and that connecting
distant systems "will further increase the vulnerability of networks
that originally were developed to be susbstantially isolated from one
another."
It's unclear how the NSA's efforts would affect private companies,
which own and operate many of the electrical, water, banking and other
systems vital to government. Wolf said the agency already works to
secure such systems important to military installations, but he denied
that NSA would have any new regulatory authority over private
computers.
"When we talk about being the traffic cop, we're not in charge of
these networks," Wolf said. "We're not running these networks."
It also was unclear how much the effort might cost.
"If you're going to have a network that everyone in government can get
into, that means some agencies are going to have to come up to meet
new, higher standards, and that's expensive," said James Lewis,
director of technology policy at the Center for Strategic and
International Studies, a conservative think-tank.
_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005
