WASHINGTON—The Bush administration has made e-government one of its top priorities, encouraging citizens, for example, to file taxes and renew licenses online. But some security experts are questioning whether that initiative, which links federal systems to home and office computers, exacerbates the vulnerabilities of the nations cyber-infrastructure.
The U.S. House of Representatives recently approved legislation to limit peer-to-peer networking on government computers, and now members of Congress are talking about taking more drastic steps, even removing public-facing Web sites from government networks.
The legislative momentum is fueled by the IT security industry, and companies such as Akamai Technologies Inc., in Cambridge, Mass., and NetSec Inc. are urging the government to play a more prominent role in promoting a safer cyber-environment.
“By serving the content externally, the public no longer needs direct access to the government network, and it is much easier to filter out attack traffic,” Akamai Chief Scientist F. Thomson Leighton told lawmakers. Leighton did not specify which nongovernment network might handle the governments public-facing material, but one possibility is Akamais network.
Leighton and NetSec President Kenneth Ammon related a litany of security problems on the Internet during a hearing of the House Government Reform Committee here last week, warning that the infamous Code Red and Blaster viruses are still active and that attack traffic is growing.
Warning that the governments certification procedures offer little value when applied to existing computer systems and that there is no objective measure of an agencys security performance, Ammon urged lawmakers to outsource more security systems to private companies.
Ammon, based in Herndon, Va., also criticized the governments attention to security in federal wireless LANs, calling the system a “steel door/grass hut approach to security.”
Rep. Tom Davis, R-Va., who chairs the committee, questioned last week whether average computer users know what software they run, where to find a patch and how to apply it. The government, too, has a less-than-stellar record for making IT security policy, Davis said. “The Internet is inherently a breeding ground for malevolent actors,” Davis said during the hearing.