COMPUTER
SECURITY
PRESS CONFERENCE STATEMENT
SENATOR JOSEPH LIEBERMAN
February 22, 2000
Thank you all
for coming and thank you, Mr. Chairman, for your leadership on
the subject of computer security - a problem that everyone’s
been alerted to since several popular commercial web-sites were
disabled two weeks ago but that, as the Chairman noted, we on
the Governmental Affairs Committee have been scrutinizing for
several years now.
The
cluttered, competitive and rapidly-changing environment we now
live in was illustrated beautifully, I thought, by an
advertisement I saw the other day in the style of a 1940s horror
movie poster. The ad shows cars burning and buildings toppling
while men and women flee in terror from "The Invasion of
the Dots." I don’t think there’s any question our
economy and our culture have been invaded by "dot coms."
And I think we all agree it’s been a welcome invasion - even
if it has happened at break-neck speeds that are sometimes hard
to keep pace with.
But now, the
environment has changed again, and the "dot coms" are
under invasion. And while the invasion is not exactly welcome,
it is a siren call to anyone who conducts business over the web.
That goes for private commerce as well as government services.
Whether this most recent band of hackers are restless teenagers
or self-appointed security storm troops, their handiwork should
herald a new era of the computer age: An era in which electronic
information must be ironclad if we are to reap the full benefits
of quick, universally accessible communication that the Internet
affords.
The good news
is that web security is not a difficult proposition. Indeed, it
is readily attainable. The software exists to prevent the kinds
of breaches we have seen in recent months. It is simply a
question of getting companies to install and update their
security, before they turn to more profitable ventures. In the New
York Times last week, David Freedman, a senior editor at Forbes
ASAP, explained why entrepreneurs are reluctant to move in
this direction. "Enacting security fixes often slows
performance," he wrote, "causes breaks in service, or
limits what a site can do, and because the fixes are often
expensive, (they) funnel money away from improvements that can
provide more visible payoffs." - i.e. immediate market
share.
At this
stage, government will not force companies to take better
security precautions. Those are business decisions individual
companies must make on their own. In fact, the less government
interferes with the Net - and the freedom of expression it has
spawned - the better. But, government can be an example.
Regretfully, we have been a woefully poor example, so far.
That’s why Chairman Thompson and I introduced the Government
Information Security Act last year - to shore up a management
structure to implement computer security on systems throughout
government. The President has also proposed a number of
innovative ideas to help the government catch up technologically
There simply
is no dispute that we need better security plans at every single
agency, better detection and reporting of unauthorized
intrusions, perhaps more sophisticated technology to prevent
intrusions and, most certainly, more people trained to operate
these complex computer matrixes. The ultimate goal of our bill
is to protect the integrity, confidentiality and availability of
all government information - from wage and tax information the
government maintains on all working Americans, to air traffic
control patterns, to NASA missions and weapons deployment. And I
should think that after the recent news events, that goal is
more critical than ever.
Last year, government and
industry cooperated successfully to defuse the Y2K problem.
We’re going to have to forge those industry ties again to
ensure that the freedom of expression which is the essence of
the Internet is guaranteed by the freedom of operation. |