From...

October 6, 1999
Web posted at: 10:41 a.m. EDT (1441 GMT)

by Keith Perine

(IDG) -- Despite the efforts of several federal agencies and task forces to fight cybercrime, the government's computer infrastructure remains dangerously vulnerable to attack from terrorists, computer viruses and saboteurs, according to a report released today by the General Accounting Office.

The study, entitled "Critical Infrastructure Protection: Comprehensive Strategy Can Draw on Year 2000 Experience," says that computer networks maintained by the Department of Defense, the Internal Revenue Service and 20 other major federal agencies don't have enough firewalls and access controls to guarantee protection against outside assault.

"A widespread, well-organized attack could severely disrupt or damage critical systems," the report says.

MORE COMPUTING INTELLIGENCE
	IDG.net home page
Industry Standard home page
Feds Crack Down on Web Hijackers
Illegal search and seizure now easier than ever
Virtual crime, real world jail time
Reviews & in-depth info at IDG.net
Dozens of Bills Affecting the Net in Congressional Limbo
Cyberforensics stands ready to help you track and prosecute criminal corporate hackers
IDG.net's personal news page
Year 2000 World
Industry Standard email newsletters
Questions about computers? Let IDG.net's editors help you
Subscribe to IDG.net's free daily newsletter for computer industry cognoscenti
Search IDG.net in 12 languages
News Radio
	Fusion audio primers
	Computerworld Minute

The warning follows governmental efforts to step up computer security. In May 1998, President Clinton issued an executive order which directed federal agencies to coordinate their efforts with the private sector to combat cybercrime. The Federal Bureau of Investigation has since established a special cybercrime unit. And last Friday, the Treasury Department announced that it was joining with several major banks and investment firms to launch its own crime-watch unit to monitor the electronic financial industry.

But the GAO warned today that those efforts suffered from a lack of overall coordination and central planning. The agency is worried that resources are being spread too thinly, and that some work might be duplicated unnecessarily. Unless a central agency or group can spearhead the government's efforts, the steps taken will be "unfocused, inefficient and ineffective," according to the report.

"You've got a lot of people with a lot of good intentions," says GAO spokesperson Jean Voltz. "But there's no cohesive strategy."

The agency's report stops short of making specific recommendations for how to focus the government's efforts.

The report was commissioned by Sen. Robert Bennett (R-Utah), the chair of a special Senate committee that's monitoring the government's technical preparations for the year 2000. Bennett asked the GAO to size up the government's computer security risks as it observed those preparations.

This isn't the first time the GAO has sounded the alarm. In several studies since September 1996, the agency has called poor information security a "widespread federal problem."

Earlier this year, GAO auditors successfully penetrated the National Aeronautics and Space Administration's computer system. In August, the GAO reported that several Defense Department databases have already been compromised by cybercriminals.

In fact, according to the CERT Coordination Center, established by the Defense Department in 1988 to track cybercrime, the number of reported security breaches in U.S. computer systems has skyrocketed, reaching 4,398 in the first half of this year, up from 1,334 in all of 1993.

The Clinton administration is working on an action plan to coordinate the government's security measures. The report, which has been delayed several times, is expected by the end of the month.