[Dshield] Security

James A. Mulick mulick.1 at osu.edu
Tue Oct 14 21:13:31 GMT 2003

-----Original Message-----

Sent: Monday, October 13, 2003 11:02 AM
To: Carey, Linda
Subject: FW: Homeland Security Update for the "Cyber-terrorism/Security"
Focus Group

Oct. 9, 2003 - 8:32 p.m.
List Highlights Top Cybersecurity Threats

By Caitlin Harrington, CQ Staff

The Department of Homeland Security and a Bethesda, Md.-based
cybersecurity organization have come up with a Top 20 list of emerging
computer security vulnerabilities. 

The SysAdmin, Audit, Network, Security, or SANS, Institute releases the
list annually, but this year, the organization teamed with the new
Homeland Security Department.

At the top of the 2003 SANS list are virus attacks during Windows
file-sharing and unauthorized access to computers with easy-to-crack

For the past three years, the SANS list has catalogued security gaps
plaguing Windows and Linux - two of the most widely used operating
systems in homes and offices.

Canada's Office of Critical Infrastructure Protection and Emergency
Preparedness and the United Kingdom's National Infrastructure Security
Coordination Center (NISCC) also contributed to this year's list.

* View the Top 20 list 


Oct. 9, 2003 - 3:58 p.m.

Ridge Calls on Private Companies to Join War on Cyberterrorism

By Chris Logan, CQ Staff

The combination of a cyber-attack and a physical attack by terrorists
could be devastating, Homeland Security Secretary Tom Ridge told the
Business Software Alliance Thursday. "We think about it all the time,"
he said. "I can imagine given the interdependency of just emergency
services alone responding to a physical attack, how that could
complicate our mission to save lives." 

Ridge outlined the Bush administration's strategy for combating
cyber-attacks, but called on the private sector to protect itself, and
added the administration is considering requiring publicly traded
companies to disclose the steps they are taking to secure their computer
systems. "I think we need to talk about some kind of public disclosure,
what are you doing about your security, physical and cybersecurity,"
Ridge said. "Tell your shareholders, tell your employees, tell your
communities within which you operate." 

Ridge said he has discussed the idea with Securities and Exchange
Commission Chairman William Donaldson.

* Text of Ridge's speech 


Oct. 8, 2003 - 8:31 p.m.

Act Now to Avoid Regulation, Cybersecurity Alliance Warns CEOs

By Tim Starks, CQ Staff

The laws and ideas needed to fend off cyberthreats are now in place, but
security breaches will continue to multiply until top executives start
viewing them as more than a technology problem, an alliance of software
manufacturers concluded in a study released Wednesday.

The Business Software Alliance Information Security Governance Task
Force said company boards of directors and CEOs need to become more
involved in dealing with security efforts rather than handing them off
to chief information officers.

In 2000 there were 22,000 cybersecurity incidents. In the first half of
2003 there were 76,000, despite increasing awareness and regulation, the
study said.

One expressed purpose of the alliance's report was to prevent harsh
regulations that would inevitably result from a major cyber-attack.

"If industry does not take a leadership role on the implementation of
security best practices, we will find ourselves at the mercy of reactive
regulation," said Thomas Noonan, president and CEO of Internet Security
Systems and a co-chair of the task force.

So far, the Bush administration has been happy to let companies deal
with cybersecurity challenges on their own, the report said, but no
fewer than five major laws have been passed at the federal and state
level that regulate information security.

Major software companies from Microsoft to Entrust to Symantec helped
put together the alliance's white paper. 

* Text of the report 

James A. Mulick, Ph.D.
Professor, Pediatrics & Psychology
The Ohio State University
Columbus Children's Hospital
700 Children's Drive. CHPB-4
Columbus, OH 43205-2696
[No institutional endorsement of message content implied]
