Security: The Feds Can Help | eWeek

Security: The Feds Can Help

Verfasst von
eWEEK EDITORS
eWEEK EDITORS
Aug 19, 2002
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Richard Clarke, chairman of the Presidents Critical Infrastructure Protection Board, has been teasing us with snippets of a long-awaited federal cyber-security plan, due Sept. 18. Based on what weve heard so far, the plan shows promise. Here are some things wed like to see when the ink is dry.

Since few things are so insecure as a new PC, the PCIPB plan should push manufacturers to include safeguards. New machines should arrive with security updates applied, all optional network services turned off and a simple firewall enabled.

Clarke has said he wants to require certification by the National Institute of Standards and Technologys National Information Assurance Plan for all government technology purchases. That makes sense, but the lengthy and expensive NIAP certification process must be streamlined so that all vendors can comply.

The PCIPB plan also needs to address ways to automatically update the machines already populating our networks. We like automatic update agents as long as they dont change systems without an OK from central IT first.

The sharing of vulnerability information, always a source of great angst among security insiders, needs to be coordinated, and the PCIPB initiative is the perfect mechanism for bringing divergent groups together. Clarkes preliminary pitch strikes a reasonable middle ground between free-for-all disclosure and the close-to-the-vest approach favored by software vendors. We urge him to hold that ground.

Clarke has saved his sharpest criticism for ISPs that sell broadband connections without giving users proper protection. We agree. The federal cyber-security plan must require service providers to give users tools such as firewalls if they dont have them. ISPs should also be required to sniff out spoofed IP addresses in their own traffic.

The PCIPB has shown it can make worthwhile progress in IT security, playing a key role in the creation of the Consensus Baseline Security Settings for Windows 2000 machines (available at www.cisecurity.org).

The PCIPB is now poised to build on that work, using the big stick of the federal governments purchasing power to enhance IT security for all.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.