Loading ...
Sorry, an error occurred while loading the content.

digital vandalism

Expand Messages
  • Elizabeth Hanson-Smith
    Some of you may have an interest in this article from the NYTimes.com online edition. ... ===================== Digital Vandalism Spurs a Call for Oversight
    Message 1 of 1 , Sep 1, 2003
    • 0 Attachment
      Some of you may have an interest in this article from
      the NYTimes.com online edition.
      ---Elizabeth

      =====================
      Digital Vandalism Spurs a Call for Oversight

      September 1, 2003
      By AMY HARMON

      The teenager accused of creating a version of the
      Blaster
      worm that infected computer systems across the world
      last
      week has been arrested. SoBig.F, an e-mail virus
      unleashed
      on the Internet just as Blaster was being stamped out,
      is
      expected to expire next week.

      But all is far from quiet on the electronic frontier.
      Security experts are already preparing for SoBig.G.
      Another
      worm may already be squirming through newly discovered
      flaws in computer operating systems. And in the
      moments
      between epidemics, the Internet's more run-of-the-mill
      annoyances - spam, scams and spyware - can be counted
      on to
      keep users on edge.

      The Internet has become a vital part of commerce and
      culture, but it is still a free-for-all when it comes
      to
      facing computer meltdowns. As America's 156 million
      Internet users brace for the next round of digital
      vandalism, some experts say that it is time for the
      government to bolster a basic sense of stability in
      cyberspace that societies expect from their critical
      public
      resources.

      "The government has essentially relied on the
      voluntary
      efforts of industry both to make less-buggy software
      and
      make systems more resilient," says Michael A. Vatis,
      former
      director of the National Infrastructure Protection
      Center
      at the Federal Bureau of Investigation. "What we're
      seeing
      is that those voluntary efforts are insufficient, and
      the
      repercussions are vast."

      Proposals for government action being discussed by
      policy
      makers and computer security experts include
      strengthening
      the Department of Homeland Security's cybersecurity
      division and offering tax incentives to businesses for
      spending on security. Another proposal would require
      public
      companies to disclose potential computer security
      risks in
      Securities and Exchange Commission filings.

      Unlike the airwaves or the highways, the Internet is
      not
      subject to government oversight. And even the specter
      of
      intervention can raise hackles among business leaders
      and
      technologists who see the Internet's openness as
      crucial to
      its success as a platform for innovation.

      But the increasing frequency and severity of computer
      virus
      attacks - last month's dual assault cost billions of
      dollars in lost productivity alone - may have muted
      the
      antiregulatory reflex.

      "We need to encourage private industry and government
      to
      raise the standard of cybersecurity," said
      Representative
      Mac Thornberry, a Republican from Texas and the
      chairman of
      a House subcommittee on cybersecurity. "From my
      standpoint,
      we need to be moving more quickly on that front."

      Many security experts now advocate direct regulation,
      in
      the form of legislation that makes software companies
      liable for damage caused by security flaws in their
      products.

      "There's a reason this kind of thing doesn't happen
      with
      automobiles," says Bruce Schneier, chief technical
      officer
      at Counterpane Internet Security in Cupertino, Calif.
      "When
      Firestone produces a tire with a systemic flaw,
      they're
      liable. When Microsoft produces an operating system
      with
      two systemic flaws per week, they're not liable."

      Most software licenses protect vendors from problems
      arising from vulnerabilities in their code. That
      leaves
      many computer users at the mercy of software makers,
      particularly Microsoft, whose ubiquitous Windows
      operating
      system and e-mail programs serve as the starting point
      for
      many demons in cyberspace.

      Microsoft concedes that its software needs to be
      designed
      better, but it also points to the need for users to
      help
      ensure their own security.

      "There are three major things every consumer and user
      of
      computers needs to do," Scott Charney, the security
      chief
      for Microsoft, said. "One, get antivirus software and
      keep
      it up to date. Two, get a fire wall and turn it on.
      And
      three, patch your machines."

      That does not lend much comfort to many computer
      users.


      "Heck, despite being libertarian in nature, I'm all
      for a
      government crackdown in this area," one frustrated Web
      user
      wrote in an online discussion about the recent virus
      attacks. "Obviously most home users are not going to
      know
      how to install a fire wall."

      Advocates of increased regulation say a California law
      that
      went into effect in July could serve as a model: the
      law
      requires companies conducting business in the state to
      disclose computer security breaches if they result in
      unauthorized access to residents' personal
      information.
      Customers can sue businesses that violate the new law
      for
      civil damages.

      What federal officials can do now is track down those
      who
      create viruses and prosecute them under existing law.
      But
      despite the arrest on Friday of Jeffrey Lee Parson,
      18, of
      Hopkins, Minn., who the F.B.I. thinks wrote the
      variation
      of the Blaster worm that was released on Aug. 11,
      critics
      have asserted that the Bush administration has
      relegated
      Internet security to too low a priority.

      The F.B.I.'s National Information Protection Center,
      which
      investigated Internet attacks and sought to issue
      pre-emptive warnings, has been dismantled in an effort
      to
      consolidate antiterrorism operations under the
      Department
      of Homeland Security. The role of cybersecurity
      adviser has
      also been moved out of the White House and into the
      new
      department. But no one has been named chief of its
      cybersecurity division since Howard Schmidt announced
      his
      resignation in April.

      "I kind of despair of the government doing anything,"
      said
      Richard A. Clarke, who held the job before Mr. Schmidt
      and
      resigned in January. He warned that the nation would
      face a
      "digital Pearl Harbor" unless it took online security
      more
      seriously.

      The rapidly rising level of aggravation in the face of
      the
      SoBig and Blaster attacks signals what could be a
      turning
      point for a medium that until now has been embraced as
      an
      unregulated engine of progress.

      A survey released yesterday by the Pew Internet and
      American Life Project said that nearly 60 percent of
      Internet users say they favor the government's
      requiring
      American corporations - who are often reluctant to
      admit
      that their computers have been compromised - to
      disclose
      more information about their vulnerabilities. Half of
      those
      surveyed said they worried about terrorists damaging
      the
      Internet.

      "It's been this nice electronic playground, but you
      can't
      help starting to wonder if maybe all this connection
      is not
      so great," said Ellen Waite-Franzen, vice president
      for
      computing and information services at Brown
      University. She
      sent teams of technical support workers into dormitory
      rooms to disinfect student computers after the
      school's
      network suffered a failure last week. "Now it feels
      like a
      war zone."

      But some longtime Internet users worry that decisions
      about
      security, if left in private hands, may balkanize a
      network
      whose openness is precisely what has permitted it to
      flourish. Lawrence Lessig, a Stanford University law
      professor who is an expert on cyberspace, says,
      "There's an
      opportunity here for policy that would address the
      harms of
      worms and viruses and spam and invasions of privacy,
      without breaking the Internet."

      http://www.nytimes.com/2003/09/01/technology/01NET.html?ex=1063471926&ei=1&en=7fc488538766193b
      +++++++++++++++++++++++++++++

      __________________________________
      Do you Yahoo!?
      Yahoo! SiteBuilder - Free, easy-to-use web site design software
      http://sitebuilder.yahoo.com
    Your message has been successfully submitted and would be delivered to recipients shortly.