Digital Vandalism from nytimes.com
- This article from the NY Times online edition may be
of interest to some of you.
Digital Vandalism Spurs a Call for Oversight
September 1, 2003
By AMY HARMON
The teenager accused of creating a version of the
worm that infected computer systems across the world
week has been arrested. SoBig.F, an e-mail virus
on the Internet just as Blaster was being stamped out,
expected to expire next week.
But all is far from quiet on the electronic frontier.
Security experts are already preparing for SoBig.G.
worm may already be squirming through newly discovered
flaws in computer operating systems. And in the
between epidemics, the Internet's more run-of-the-mill
annoyances - spam, scams and spyware - can be counted
keep users on edge.
The Internet has become a vital part of commerce and
culture, but it is still a free-for-all when it comes
facing computer meltdowns. As America's 156 million
Internet users brace for the next round of digital
vandalism, some experts say that it is time for the
government to bolster a basic sense of stability in
cyberspace that societies expect from their critical
"The government has essentially relied on the
efforts of industry both to make less-buggy software
make systems more resilient," says Michael A. Vatis,
director of the National Infrastructure Protection
at the Federal Bureau of Investigation. "What we're
is that those voluntary efforts are insufficient, and
repercussions are vast."
Proposals for government action being discussed by
makers and computer security experts include
the Department of Homeland Security's cybersecurity
division and offering tax incentives to businesses for
spending on security. Another proposal would require
companies to disclose potential computer security
Securities and Exchange Commission filings.
Unlike the airwaves or the highways, the Internet is
subject to government oversight. And even the specter
intervention can raise hackles among business leaders
technologists who see the Internet's openness as
its success as a platform for innovation.
But the increasing frequency and severity of computer
attacks - last month's dual assault cost billions of
dollars in lost productivity alone - may have muted
"We need to encourage private industry and government
raise the standard of cybersecurity," said
Mac Thornberry, a Republican from Texas and the
a House subcommittee on cybersecurity. "From my
we need to be moving more quickly on that front."
Many security experts now advocate direct regulation,
the form of legislation that makes software companies
liable for damage caused by security flaws in their
"There's a reason this kind of thing doesn't happen
automobiles," says Bruce Schneier, chief technical
at Counterpane Internet Security in Cupertino, Calif.
Firestone produces a tire with a systemic flaw,
liable. When Microsoft produces an operating system
two systemic flaws per week, they're not liable."
Most software licenses protect vendors from problems
arising from vulnerabilities in their code. That
many computer users at the mercy of software makers,
particularly Microsoft, whose ubiquitous Windows
system and e-mail programs serve as the starting point
many demons in cyberspace.
Microsoft concedes that its software needs to be
better, but it also points to the need for users to
ensure their own security.
"There are three major things every consumer and user
computers needs to do," Scott Charney, the security
for Microsoft, said. "One, get antivirus software and
it up to date. Two, get a fire wall and turn it on.
three, patch your machines."
That does not lend much comfort to many computer
"Heck, despite being libertarian in nature, I'm all
government crackdown in this area," one frustrated Web
wrote in an online discussion about the recent virus
attacks. "Obviously most home users are not going to
how to install a fire wall."
Advocates of increased regulation say a California law
went into effect in July could serve as a model: the
requires companies conducting business in the state to
disclose computer security breaches if they result in
unauthorized access to residents' personal
Customers can sue businesses that violate the new law
What federal officials can do now is track down those
create viruses and prosecute them under existing law.
despite the arrest on Friday of Jeffrey Lee Parson,
Hopkins, Minn., who the F.B.I. thinks wrote the
of the Blaster worm that was released on Aug. 11,
have asserted that the Bush administration has
Internet security to too low a priority.
The F.B.I.'s National Information Protection Center,
investigated Internet attacks and sought to issue
pre-emptive warnings, has been dismantled in an effort
consolidate antiterrorism operations under the
of Homeland Security. The role of cybersecurity
also been moved out of the White House and into the
department. But no one has been named chief of its
cybersecurity division since Howard Schmidt announced
resignation in April.
"I kind of despair of the government doing anything,"
Richard A. Clarke, who held the job before Mr. Schmidt
resigned in January. He warned that the nation would
"digital Pearl Harbor" unless it took online security
The rapidly rising level of aggravation in the face of
SoBig and Blaster attacks signals what could be a
point for a medium that until now has been embraced as
unregulated engine of progress.
A survey released yesterday by the Pew Internet and
American Life Project said that nearly 60 percent of
Internet users say they favor the government's
American corporations - who are often reluctant to
that their computers have been compromised - to
more information about their vulnerabilities. Half of
surveyed said they worried about terrorists damaging
"It's been this nice electronic playground, but you
help starting to wonder if maybe all this connection
so great," said Ellen Waite-Franzen, vice president
computing and information services at Brown
sent teams of technical support workers into dormitory
rooms to disinfect student computers after the
network suffered a failure last week. "Now it feels
But some longtime Internet users worry that decisions
security, if left in private hands, may balkanize a
whose openness is precisely what has permitted it to
flourish. Lawrence Lessig, a Stanford University law
professor who is an expert on cyberspace, says,
opportunity here for policy that would address the
worms and viruses and spam and invasions of privacy,
without breaking the Internet."
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software