THOMPSON/LIEBERMAN SAY MANAGEMENT, ACCOUNTABILITY MUST BE ENFORCED TO BETTER PROTECT FEDERAL COMPUTER SYSTEMS

Washington, DC – Senate Governmental Affairs Committee Chairman Fred Thompson
(R-TN) reminded a packed hearing room today that the federal
government’s underlying information infrastructure is "riddled
with vulnerabilities which represent severe security flaws and risks
to our national security, public safety, and personal privacy."

"Year after year, expert witnesses have told this committee that an
underlying cause of federal information security vulnerabilities is
inadequate security program planning and management," said
Thompson. "What is most alarming to me is that after all this
time, and all these reports and expert testimony, there is still no
organization-wide approach to preventing cyber attacks. And the
security program management is totally inadequate. This is yet another
example of how difficult it is to get the federal bureaucracy to move,
even in an area as important as this."

Ranking Member Joseph Lieberman (D-CT) added, "There are many reasons
federal, computer-based information is inadequately protected. But the
underlying problem, according to GAO, is poor management. In some
ways, this is a ‘cultural’ problem. Our concentration on security
simply hasn’t grown at the same pace as our reliance on
computers."

Kevin Mitnick, a self-described reformed hacker, testified that all computer
systems, government and industry, are vulnerable to attack. Mitnick,
who served 59 months and 7 days for breaking into Digital Equipment
Corporation’s computers, said, "If someone has the time, the
money and motivation, they can get into any computer."

Also testifying were Jack Brock with the Government Accounting Office (GAO)
and the Inspector General of NASA, Roberta Gross. Both expressed
support for the Thompson/Lieberman bill (S. 1993) which mandates good
management practices. Brock said, "We support S. 1993. It
provides a better management framework for addressing information
security issues and provides a mechanism for independently checking
how those issues are being addressed."

The third and final panel offered an industry perspective with testimony from
Ken Watson, Manager of Critical Infrastructure Protection at Cisco
Systems, Inc. and James Adams, CEO of Infrastructure Defense, Inc., a
security consulting company. Adams added, "By stepping up to the
plate and tackling computer security with an innovative, bold
approach, the Thompson-Lieberman bill significantly boosts the chances
of reversing the current bureaucratic approach to a dynamic
problem."