Security: The Feds Can Help | eWeek

Security: The Feds Can Help

Écrit par
eWEEK EDITORS
eWEEK EDITORS
Aug 19, 2002
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Richard Clarke, chairman of the Presidents Critical Infrastructure Protection Board, has been teasing us with snippets of a long-awaited federal cyber-security plan, due Sept. 18. Based on what weve heard so far, the plan shows promise. Here are some things wed like to see when the ink is dry.

Since few things are so insecure as a new PC, the PCIPB plan should push manufacturers to include safeguards. New machines should arrive with security updates applied, all optional network services turned off and a simple firewall enabled.

Clarke has said he wants to require certification by the National Institute of Standards and Technologys National Information Assurance Plan for all government technology purchases. That makes sense, but the lengthy and expensive NIAP certification process must be streamlined so that all vendors can comply.

The PCIPB plan also needs to address ways to automatically update the machines already populating our networks. We like automatic update agents as long as they dont change systems without an OK from central IT first.

The sharing of vulnerability information, always a source of great angst among security insiders, needs to be coordinated, and the PCIPB initiative is the perfect mechanism for bringing divergent groups together. Clarkes preliminary pitch strikes a reasonable middle ground between free-for-all disclosure and the close-to-the-vest approach favored by software vendors. We urge him to hold that ground.

Clarke has saved his sharpest criticism for ISPs that sell broadband connections without giving users proper protection. We agree. The federal cyber-security plan must require service providers to give users tools such as firewalls if they dont have them. ISPs should also be required to sniff out spoofed IP addresses in their own traffic.

The PCIPB has shown it can make worthwhile progress in IT security, playing a key role in the creation of the Consensus Baseline Security Settings for Windows 2000 machines (available at www.cisecurity.org).

The PCIPB is now poised to build on that work, using the big stick of the federal governments purchasing power to enhance IT security for all.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.