|
|
 |
|
 |
 |
| E-SECURITY | |
 February 15, 2000 
|
||
|
|
Internet industry experts discuss government measures to ensure cyber security, after a background report.
|
|
GWEN IFILL: Today at the White House, topic "a" was cyber security. PRESIDENT CLINTON: What we're going to try to do GWEN IFILL: Two dozen technology executives, academics, privacy advocates, and public officials met with the president today. At issue: How to protect Internet Web sites without encouraging unnecessary government interference. HARRIS MILLER, Information Technology Association of America: In an
automobile, certain standards get set. They meet these specifications
and that sits in place for several years so everybody knows that. Unfortunately
in the GWEN IFILL: The FBI is still searching for hackers who flooded several popular Web sites with information last week, clogging the Internet and taking several sites off-line for hours at a time. Today's White House meeting, scheduled even before last week's breakdown, is part of a $2 billion Clinton administration cyber security initiative. That plan would provide training and better protection for government computers; it also would attempt to strengthen partnerships with the private sector.
|
 |
||||||||||||||||||
| Should government have a role? | ||||||||||||||||||||
|
GWEN IFILL: For more on the intersection of government and the Internet, we are joined by Milo Medin, chief technology officer of Excite@Home, a company that delivers high-speed Internet access and provides news, entertainment, and communication services. Excite was one of several companies disrupted by hackers last week. And Phillip Lacombe, vice president of cyber assurance for Veridian Corporation, which performs network security management for private and public companies. He is also former executive director of the President's commission on Critical Infrastructure Protection. And Mark Cooper, director of research for the Consumer Federation of America. Philip Lacombe, what role does government really have in this kind of policing of the Internet or should have?
GWEN IFILL: Milo Medin, is that workable? MILO MEDIN, Excite@Home: I think so. Part of the GWEN IFILL: But, Mark Cooper, he just talks about how ungovernable basically the Internet is. Is that realistic to think that... it's one thing to talk about how everyone should work together. It's another thing to figure out how to do that.
GWEN IFILL: That was part of the goal of this meeting today. The White
House has already come up with a couple of proposals, among them it
would like to develop a tracking system for federal and private-sector
computer PHILLIP LACOMBE: The industry is going to fulfill its responsibility to police itself to provide which is in its best interest secure networking capability for its customers. That's the purpose of the industry. That's what we're doing. And we intend to pursue that to the best of our ability. We believe that we have a relationship and responsibility with the government to do that, and that there are things that the government has a responsibility for: Enforcing the law, tracking down people who do harm, whether they do it using cyber tools or physical tools. It's very much the same.
|
 |
|||||||||||||||||||
| What is too invasive? | ||||||||||||||||||||
|
GWEN IFILL: That's after the fact. It sounds like these proposals are talking about....
One of the hard parts is that old laws that apply in real space may be hard to apply in cyberspace, which is a new place. So maybe we need new laws or maybe the old laws just can't work. And what we have to work out is the principles of privacy that we had in real space, we may want in cyberspace. Technology is very powerful so we have to be very careful in solving one problem we don't create other problems. GWEN IFILL: Milo Medin, one of the things the president was asked today during his little briefing was after last week's attacks, it became clear that a lot of bank computer experts had gotten advance warning about this, but this was something that either wasn't sure with the government or other industries. Is that a weak link? MILO MEDIN: I think, in general, some industries prefer GWEN IFILL: You all three are talking about the government working together with the private sector but I guess I just don't know what that means if the three specifics that I stated that anybody here is rushing to embrace. MILO MEDIN: Part of the problem is because of the explosion in the Internet economy, a lot of people -- people like myself who used to work for NASA -- have left the government and are in the private sector. And it's very difficult particularly in law enforcement to hold on to people. A lot of the FBI agents, et cetera, are not given the set of tools and capabilities they need to actually go out there and help. We have to work with the agencies to be able to go out there and actually find these people and prosecute them. It's not something to be done by one person.
GWEN IFILL: And leading the way for the private sector who wants to protect itself rather than looking to federal government to do the same. PHILLIP LACOMBE: As I said, I believe it's a joint MARK COOPER: The most important thing here is we're having a discussion about what government can do and should do. One of the difficulties we have is the minute we say we need a rule here, everyone says don't regulate the Internet. The Internet needs to be regulated and will be either by private sector, but also by public sector. So once you admit and recognize that you need rules for cyberspace, just like you have in real space, then we can start to address the problem in an open and educated, informed way. GWEN IFILL: You talked a minute ago about playing by old rules with new rules out here to be pursued. For instance, how does the FBI police something that crosses international boundaries? We heard in the News Summary about the Canadian Mounties, the Royal Mounties getting ready to pursue these hackers. How do we do that?
|
 |
|||||||||||||||||||
| Silicon Valley and Washington | ||||||||||||||||||||
|
GWEN IFILL: How big a problem is it at its root that so many... There is such distrust between Silicon Valley and Washington…How do you begin to figure out what it is that the federal government and the private sector can work together on… PHILLIP LACOMBE: This is a step in that direction.
PHILLIP LACOMBE: This is a step in that direction, the president's meeting, the fact that we have a Secretary Daly in the Department of Commerce leading a partnership of over 130 companies that are coming together later this month to work in that direction. I think we see those... evidence of the industry beginning to work together even more, and industry working with government. GWEN IFILL: Milo? MILO MEDIN: I would also say that while there is some hostility over certain issues, like encryption and other things regarding export controls, Washington and Silicon Valley both need to work together closer. I know we work with the government quite well, and, you know, the policy-makers, I think, have taken a position that says, "we're going to look first to see if the industry can deal with problems and solve them themselves before we step in. Because predicting the future is a very, very hard thing to do. And the technology moves so quickly that by the time you put regulations and rules in place, it may only apply to something that used to be the situation. GWEN IFILL: But aren't some of these rules already in place? Isn't it just a question of knowing how to use them? MILO MEDIN: And the tools and the motivations to law enforcement to actually be able to exercise those rules and be able to prosecute people.
MILO MEDIN: And the resources. MARK COOPER: When you design the network, you're making the rules. If you make choices about infrastructure, about how you deploy your routers, about the way people access them, you're actually making the rules. The important point is that if the Internet -- and Silicon Valley -- wants to be the dominate institution in society, the super highway, if you will, then they have to meet the government because in our society, that government plays a role in insuring certain basic values. And they have now suddenly started to meet very reluctantly the government. MILO MEDIN: We've done it for a while. MARK COOPER: But they now understand that you need the government to impose these rules and we're getting over this notion that if it's government, it can't be good for us because in order to affect all of our lives, you have to start to accept those responsibilities. GWEN IFILL: It sounds like a long and winding road yet. Philip Lacombe, Mark Cooper, Milo Medin, thank you very much.
|
 |
|||||||||||||||||||
 |
   
|
|
| Support the kind of journalism done by the NewsHour...Become a member of your local PBS station. | ||
| ||
| PBS Online Privacy Policy Copyright ©1996- MacNeil/Lehrer Productions. All Rights Reserved. | ||
| ||
today
is to talk about what the government's responsibility is for our own
systems and networks, what the private sector's responsibility is --
and, as I said before, how to talk about having adequate security, how
to protect privacy and civil liberties but also how to keep the Internet
open. Keep in mind that one of the reasons this thing has worked so
well is it has been free of government regulation. 
Internet,
the security challenges are new every day. And every time someone comes
up with a counter measure, then you have the possibility of someone
coming up with a new threat. I think what happened last week and the
last few weeks has helped to focus the attention of many people in the
industry that they are going to have to put more resources into security.
Meanwhile,
the FBI reportedly has narrowed its search for those responsible for
the hack attacks, interviewing potential suspects, and talking to a
hacker known as Mixter, the man who wrote the software believed to be
used in the attacks. This week, Mixter released technical information
on that program, known as "Tribe Flood Network." The program
lets a computer user tap into perhaps hundreds of computers and secretly
install software. That software acts like a time bomb, prompting the
computers at a preset time to bombard online sites. The result: system
overload, and in computer parlance, denial of service. In the last few
days, the FBI has discovered that computers at several California universities,
including UCLA and UC-Santa Barbara were unwitting conduits for the
last week's attacks. And at Stanford, the software infiltrated a piece
of hardware known as a router, a central hub for the university's Internet
data. 
PHILLIP
LACOMBE, Veridian Corporation: Well, I believe that the Internet is
an infrastructure which supports a variety of America's critical infrastructures
on which Americans rely for business, for all manner of economic activity
and for the functioning of our daily institutions. That Internet must
be available and, therefore, it is the responsibility of both the public
sector, the government, and the private sector, which owns and operates
those networks and those companies that provide the communications to
provide security. So we believe it's a joint public and private, jointly
shared infrastructure responsibility because our day-to-day economic
health, our national institutions and our national security rely on
the availability and the trustworthiness of the Internet and related
networks. 
challenge,
of course, is that the network is run by different organizations. And
there's no central management. But it's not in any of the companies'
best interest to have the system be unstable overall. So we try and
work together to assure the stability and connectivity of the system,
but we also have to work for the government and law enforcement to be
able to better identify problems and prosecute those who cause them.
MARK
COOPER, Consumer Federation of America: Well, in fact, the Internet
can, should and will be subject to social order. There will be rules,
call them regulation, if you want. The question is how do we set those
rules? And in our society, we get to choose the values that the Internet
will maximize in our society: Freedom of expression is one, commerce
is another, but privacy is another -- the ability to choose, to protect
your own interests. And the key for us is to make sure that we do that
in an open and democratic process. Do we make those choices consciously
to demonstrate American values and let the companies make profits as
long as they don't violate my free speech, my privacy, et cetera? And
we constantly make those choices. The thing we have to do is know that
we're making those choices and let people participate in those choices.
networks,
also to make it easier to wire tap phone and data lines and also to
slow the proliferation of companies' ability to encrypt their information
-- which is to be able to provide more code-breaking access on the Internet.
Is this something which you could imagine, Philip Lacombe, is this something
that you could imagine the industry accepting? 
MARK
COOPER: Our concern is the problem is that you know, you can probably
put a surveillance camera in every computer in the world and watch everything
I do. This technology is powerful. I get so say, "Wait a minute,
find another way because that's too invasive." And the important
point is technology can do whatever it wants to do. We have to tell
it what to do. I'm sure a lot of people will say, that solution is just
too invasive; find another way to track people down and maintain social
order. And that's the point of making sure that we make these decisions.
not
to disclose their security problems or break-ins for fear of upsetting
the economic markets' trust in the institution, et cetera. We have to
work together to be information because the hackers work together, together
in sharing tools and ways of breaking into systems. So the government
and industry together have to be able to understand what's going on,
what the attacks are, developing counter measures proactively and most
importantly, I think, getting the word out to people about how to prepare
their systems and how to be able to deal with these things, not reactively
but before the attacks come. 
PHILLIP
LACOMBE: If I might, Gwen, you mentioned the Federal Intrusion Detection
Network. That is actually a proposal contained in the national plan
released by the White House and the critical infrastructure insurance
office I think two weeks ago. That is actually a plan in which the government
would protect its own networks. It would, in essence, lead by example,
by providing the intrusion detection required so that it could insure
that its networks were available when needed and secure. That seems
to me to be a rather prudent step by the government, a way of, as I
said, leading by example. 
responsibility
but largely the private sector is responsible for protecting itself,
yes.
MARK
COOPER: The really new thing about the Internet is it makes the technologies
control and the ability to speak and enter, it changes the balance.
It destroys the old balance that we have in real space, and so we struggle
to figure out how to control the freedom that it gave us, but, in fact,
if we don't control it, we will end up with anarchy. And that's when
people start to address the problem and say, look, we want this tremendously
powerful economic and social institution but we have to put some rules
in place. And now we're getting over the question of any rule is bad.
No, we need some rules here. International is a big problem. If I get
defrauded in the Internet, where do I sue? Well, what we have to do
is agree on a place where we can impose that order. We would like it
to be in our country. The other countries want it in their countries,
international institutions, but we have to decide some way to impose
order. 
GWEN
IFILL: Excuse me. 
GWEN
IFILL: And the resources.