From...

October 8, 1999
Web posted at: 11:17 a.m. EDT (1517 GMT)

by Keith Perine

(IDG) -- If you believe your technical support team when it tells you that the corporate Internet firewall will withstand any assault, there's a bridge in Brooklyn you might be interested in buying.

That's the word from administration officials who have just testified before the Senate Judiciary Subcommittee on Technology, Terrorism and Government Information.

All of the nation's critical infrastructures – from national defense to electric power to banking to telephones – are automated and accessible via the Internet. That makes them a juicy target for foreign governments, disgruntled former employees or high school sophomores who want to wow the gang in the computer club.

"There now exists the potential to do with a keyboard what in the last world war would have taken a squadron of bombers to accomplish," said Sen. Dianne Feinstein (D-Calif.).

MORE COMPUTING INTELLIGENCE
	IDG.net home page
Industry Standard home page
Industry Standard email newsletters
Industry Standard daily Media Grok
Industry Standard financial news
Reviews & in-depth info at IDG.net
IDG.net's personal news page
Year 2000 World
Questions about computers? Let IDG.net's editors help you
Subscribe to IDG.net's free daily newsletter for computer industry cognoscenti
Search IDG.net in 12 languages
News Radio
	Fusion audio primers
	Computerworld Minute

The officials were summoned to Capitol Hill talk about what the federal government is doing to guard against Internet sabotage. They testified in the wake of a General Accounting Office report issued Monday that says the administration's computer security efforts lack a central focus.

We've had to prod some people in the administration to get going on this for quite a while," said Sen. Jon Kyl (R-Ariz.), who chairs the subcommittee.

The witnesses acknowledged that increased coordination within the government was needed. But they pointed out that 90 percent of computer systems vital to everyday American life are owned by the private sector, which they said has treated cybercrime with a dangerously complacent mood.

"No firewall is impenetrable," said Michael Vatis, the director of the FBI's National Infrastructure Protection Center. "I think many people have a false sense of security." He added that vital computer systems in the private sector, such as those governing electric power grids and long-distance telephone networks, have a "high vulnerability" to sabotage.

Vatis said that the Defense Department detects as many as 100 hacks into its system every day, ranging from harmless system "pings" to theft of unclassified information. He said that the FBI's own computer hacking caseload has doubled in each of the last two years, and that the bureau currently has 800 investigations under way.

The Clinton administration is preparing the final draft of a comprehensive plan to fight Internet sabotage. That report, initially scheduled for release last December, should be issued in the next few weeks.

John Tritak, the director of the administration's Critical Infrastructure Assistance Office, wouldn't discuss many specifics of the plan. He said the administration would be asking Congress for $38.4 million to hire new staff and launch a number of new programs, including a new computer monitoring system.

Sen. Robert Bennett (R-Utah) asked Vatis whether the private sector might be willing to invite government "red teams" to test corporate computer firewalls for weaknesses.

"Some would welcome that," Vatis said. "Others might be adverse to it because they don't want to know the answer."