Don't Bury the Bureaucrats
At a recent hearing on federal cybersecurity issues by the House Government Reform Committee, one witness warned that the Federal Information Security Management Act (FISMA), the federal government's primary cybersecurity statute, "might do nothing more than bury bureaucrats in paperwork."
The witness explained that while FISMA's emphasis on the certification and accreditation of computer systems may be useful for new IT systems, the law was difficult to apply to existing systems and "runs the risk of becoming a paperwork exercise."
According to an article on ComputerWeekly.com, witnesses stressed the need for the federal government to do more to promote cybersecurity both within and outside the government. One key issue discussed at the hearing was the need for authentication. Specifically, a senior official of one technology company stated that the government needed to push for internet tools such as the Domain Name System (DNS) and Border Gateway Protocol (BGP) to include authentication security. The lack of authentication in the DNS and BGP makes "it relatively easy for hackers to redirect internet traffic."
Although the hearing made clear the need for increased federal work on cybersecurity standards and related issues, this is not to say that the government is ignoring the need to improve cybersecurity. A senior official at the White House Office of Management and Budget (OMB) defended federal cybersecurity efforts and explained that "OMB is committed to a federal government with resilient information systems. The dangers posed by the internet must not be allowed to significantly affect agency business processes or disrupt services to the citizen."
Improving cybersecurity is far too important to the entire country to allow the debate over which steps to take next to devolve into a round of either blaming the bureaucrats or pointing fingers at industry. Instead, federal agencies, industry and other stakeholders need to work collaboratively to secure the internet. There is no alternative.
See ComputerWeekly.com article