FREE eLETTER SIGNUP
Washington Technology Newswatch delivers the latest news to your inbox.
The National Magazine for Government Contractors.
Site Search Quickfind Go
Login | Register
Updated 4:45 PM EST September 5
CURRENT ISSUE About Us
Sprint
HOT TOPICS
Authentication/
Identity Management
Budget/Policy/Legislation
Civilian Agencies
Contract Awards
Defense
Emerging Technology
Financial Markets
Homeland Security
Industry News
Mergers/Acquisitions
Mobile/Wireless
Outsourcing
Procurement
Security
Small Business
State and Local
Telecom/IT Infrastructure
Top 100
RESOURCES
researchstore
SPONSOR SOLUTIONS

More >>

STORY TOOLS: Email this Story Print this Story Contact the Author Contact Order Reprints of this Story Reprints
Washington Technology home > web stories

11/08/05 -- 03:43 PM

Report: Punish poor information security setups

By Alice Lipowicz
Staff Writer

RELATED TOPICS
Civilian Agencies
Security
SHARE ARTICLE
Digg Digg Yahoo Yahoo
Del.icio.us Del.icio.us Google Google

Congress may want to consider penalizing organizations and companies that have poor information security policies that contribute to a major loss of sensitive information, according to a new Congressional Research Service report on cybersecurity.

Other policy questions Congress may choose to consider are whether computer product vendors should report quickly all serious, newly discovered vulnerabilities to the Homeland Security Department, and whether computer service providers and businesses should be required to report to DHS any “major security vulnerabilities that have been newly exploited by cybercriminals,” the report said.

The CRS report, “Terrorist Capabilities for Cyberattack,” states that security experts disagree about whether global terrorists are capable of launching a successful cyberattack against U.S. civilian critical infrastructure, and whether such an attack would seriously disrupt the U.S. economy.

However, tighter physical security may be encouraging terrorists to turn to cybersecurity, either by developing new computer skills themselves or by aligning with cybercriminals, the CRS report said. Those new capabilities may be used in an online terrorist attack with the intent of crippling IT infrastructures, or to finance a more conventional terrorist attack against facilities or people.

There is evidence that terrorists are gaining understanding of IT and have expanded their recruitment of people skilled in computer sciences, engineering and mathematics, the report said. Several recent terrorist events appear to have been funded partially through online credit-card fraud.

Whether it is linked with terrorism, cybercrime is increasing dramatically. The report cites research by IBM Corp. stating that during the first half of 2005, criminal-driven computer security attacks increased by 50 percent, most frequently targeting government agencies and industries in the United States.

Policy issues for Congress include evaluating whether counterrorism efforts ought to be linked more closely with international efforts to prevent cybercrime, the CRS report said. Also, there are policy questions about whether the Defense and Homeland Security departments ought to collaborate more closely to strengthen the computer security of civilian agencies and infrastructure.

The report identifies five pieces of legislation before Congress related to improving national computer security: H.R. 285, 744, 1817 and 3109 and S. 768.


WASHINGTONTECHNOLOGY LATEST NEWS GCN.COM FCW.COM

TOP JOBS FROM LOCAL EMPLOYERS
All Top Jobs

Home | About | Advertise | Contact | Custom Media | Editorial Calendar | Events
List Rental | Privacy Policy | Reprints/Linking Policy | Subscribe | Site Map

1105 Media, Inc.

© 1996-2008 1105 Media, Inc. All Rights Reserved.