By Robert Vamosi

But don't expect the plan to resolve all our cybersecurity issues--or even come close.

What it won't do

Already, there are several known omissions in the NSSC. Clarke himself has admitted that the proposal will not impose any greater responsibility on the software industry to produce more secure code. Nor will it have any representation from the health care industry. Also, the White House staff went out of its way at security conferences this summer to emphasize that the NSSC will have no enforcement provisions. So we shouldn't expect any strategy for penalizing those who disobey the guidelines outlined in the report.

According to a recent Associated Press report, another issue didn't make it into the proposal: requiring broadband companies to provide their users with firewalls. Clarke believes not doing so is "like selling cars without seatbelts." Currently, only EarthLink provides a firewall service.

Report not finished

No one will know for sure what exactly the report will include until next Wednesday. But to get an idea of Clarke's priorities, I reviewed my notes from his keynote speech at July's Black Hat USA security conference. There, Clarke offered his own thoughts on cybersecurity, independent of the NSSC.
He also warned the audience not to laugh when Bill Gates says he's working toward "trustworthy computing." "Rather than reject it, hold him to it," he said.

When it comes to the U.S. government securing the Internet, Clarke likened the Net to the "tragedy of the commons." This is a reference to a 1968 book by Garrett Hardin, in which the commons is any resource shared by a large group of people. As populations grow, such resources become strained. Clarke was implying that the Internet now benefits many people, yet no one wants to take responsibility for it--and that if neglected, it will fall into disarray. He argued that the U.S. government is best suited to developing new protocols that will be required as the Internet moves from millions to billions of users.
Wireless is not secure

Clarke saved his harshest words for wireless networks. Why, he asked, do vendors continue to sell products that they know aren't secure or that are so difficult to secure that most people don't bother? He said the Department of Defense (DoD) bans wireless LANs and makes sure nobody sets up access points anywhere near the DoD's headquarters. According to Clarke, it's pointless for companies to spend money on firewalls, IDS, and VPNs only to allow wireless devices to poke holes through all that security. "We all ought to shut off our WLANs until we know they are secure."

But these are the opinions of one man, not the entire NSSC committee. Given Clarke's tough words at the Black Hat conference, I'm really curious to see the final NSSC document--and see how much vendors influenced it. I, and others in the room at Black Hat, liked what we heard from Clarke. But based on initial reports, the final NSSC draft already promises to fall well short of that standard.

Still, it's a first step. Already, the White House is talking about a second NSSC draft, which could be published as early as January 2003. So stay tuned.

Do you agree with Clarke's cybersecurity agenda? Is he too tough? Not tough enough? What would you like to see in the NSSC? TalkBack to me!
Senior Associate Editor Robert Vamosi covers hoaxes, viruses, and security threats for CNET Reviews. Have a question for him? Let him know!