Wednesday, December 24, 2008

Congress in the Cyber-Crosshairs

ACM TechNews points out the cover story of National Journal about what it will take to keep the next invader out of Congressional computers.

Two years ago, 15 House panels and members' offices were invaded by malware whose nature suggest the intrusions originated in China. One target, the office of House Representative Frank Wolf (R-Va) argued before the House that the fear of admitting vulnerability might be a reason underlying U.S. intelligence and national security's reluctance ro publicize the breaches sooner.
"I strongly believe that the appropriate officials, including those from the Department of Homeland Security and the FBI, should brief all members of Congress in a closed session regarding threats from China and other countries against the security of House technology, including our computers, BlackBerry devices, and phones," he said.
While it appears that there is little interest from members of Congress in discussing cyber vulnerabilities, it is likely because they have little understanding of them. Former director the DHS' Cyber Security Division Amit Yoran says
"As a member of Congress, you have so many issues competing for your attention and, historically, cyber-security hasn't been one that's won out. It's not an issue that is particularly well tracked by their constituents."
In a recent study prepared by the Center for Strategic and International Studies concluded for President-elect Barack Obama that Congress is unsuited for managing executive-branch cybersecurity due to the inconsistency and fragmentation of its oversight. The study group recommended that Obama take charge of cybersecurity and establish a new office for cyberspace in the Executive Office of the President that would collaborate closely with the National Security Council, "managing the many aspects of securing our national networks while protecting privacy and civil liberties."

See complete article at National Journal Magazine.