Critical Information Infrastructure Protection: The Threat is Real : Hearing Before the Subcommittee on Technology, Terrorism, and Government Information of the Committee on the Judiciary, United States Senate, One Hundred Sixth Congress, First Session, on Examining the Protection Efforts Being Made Against Foreign-based Threats to United States Critical Computer Infrastructure, October 6, 1999, Volume 4
United States. Congress. Senate. Committee on the Judiciary. Subcommittee on Technology, Terrorism, and Government Information
U.S. Government Printing Office, 2001 - Administrative agencies - 59 pages
Page 19 - Not surprisingly, foreign intelligence services have adapted to using cyber tools as part of their espionage tradecraft. Even as far back as 1986, before the worldwide surge in Internet use, the KGB employed West German hackers to access Department of Defense systems in the well-known "Cuckoo's Egg
Page 53 - Fourth, the Congress and the executive branch can use audit results to monitor agency performance and take whatever action is deemed advisable to remedy identified problems. Such oversight is essential for holding agencies accountable for their performance, as was demonstrated by the OMB and congressional efforts to oversee the Year 2000 computer challenge.
Page 52 - In particular, specific mandatory standards for varying risk levels can clarify expectations for information protection, including audit criteria; provide a standard framework for assessing information security risk; help ensure that shared data are appropriately protected; and reduce demands for limited resources to independently develop security controls.
Page 19 - Terrorists groups are increasingly using new information technology and the Internet to formulate plans, raise funds, spread propaganda, and to communicate securely.
Page 23 - The NIPC, in conjunction with the information originating agency, will sanitize law enforcement and intelligence information for inclusion into analyses and reports that it will provide, in appropriate form, to relevant federal, state and local agencies; the relevant owners and operators of critical infrastructures; and to any private sector information sharing and analysis entity.
Page 19 - Criminal Groups. We are also seeing the increased use of cyber intrusions by criminal groups who attack systems for purposes of monetary gain. In September, 1999, two members of a group dubbed the "Phonemasters" were sentenced after their conviction for theft and possession of unauthorized access devices (18 USC §1029) and unauthorized access to a Federal interest computer (18 USC §1030). The "Phonemasters...
Page 20 - Hacktivism refers to politically motivated attacks on publicly accessible Web pages or e-mail servers. These groups and individuals overload e-mail servers and hack into Web sites to send a political message.
Page 19 - Cantrell downloaded thousands of Sprint calling card numbers, which he sold to a Canadian individual, who passed them on to someone in Ohio. These numbers made their way to an individual in Switzerland and eventually ended up in the hands of organized crime groups in Italy. Cantrell was sentenced to two years as a result of his guilty plea, while one of his associates, Cory Lindsay, was sentenced to 41 months. The Phonemasters' methods included "dumpster diving" to gather old phone books and technical...
Page 23 - national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity." The PDD further states that the mission of the NIPC "will include providing timely warnings of intentional threats, comprehensive analyses and law enforcement investigation and response.
Page 52 - Third, ensuring effective implementation of agency information security and critical infrastructure protection plans will require active monitoring by the agencies to determine if milestones are being met and testing to determine if policies and controls are operating as intended. Routine periodic audits, such as those required by GISRA, would allow for more meaningful performance measurement.