Computer Security- official position 2002

Computer Security

Senate Governmental Affairs Committee Chairman Fred Thompson (R-TN) reminded a packed hearing room on March 2, 2000, ? that the federal government?s underlying information infrastructure is "riddled with vulnerabilities which represent severe security flaws and risks to our national security, public safety, and personal privacy "Year after year, expert witnesses have told this committee that an underlying cause of federal information security vulnerabilities is inadequate security program planning and management," said Thompson.
"What is most alarming to me is that after all this time, and all these reports and expert testimony, there is still no organization-wide approach to preventing cyberattacks. And the security program management is totally inadequate. This is yet another example of how difficult it is to get the federal bureaucracy to move, even in an area important as this."
Kevin Mitnick, a self-described reformed hacker, testified that all computer systems, government and industry, are vulnerable to attack. Mitnick, who served 59 months and 7 days for breaking into Digital Equipment Corporation?s computers said, "If someone has the time, the money and motivation, they can get into any computer."
Also testifying were Jack Brock with the Government Accounting Office (GAO) and the Inspector General of NASA, Roberta Gross. Both expressed support for the Thompson/Lieberman bill (S. 1993) which mandates good management practices. Brock said, "We support S. 1993. It provides a better management framework for addressing information security issues and provides a mechanism for independently checking how those issues are being addressed."
The third and final panel offered an industry perspective with testimony from Ken Watson, Manager of Critical Infrastructure Protection at Cisco Systems, Inc. and James Adams, CEO of Infrastructure Defense, Inc., a security consulting company. Adams added, "By stepping up to the plate and tackling computer security with an innovative, bold approach, the Thompson-Lieberman bill significantly boosts the chances of reversing the current bureaucratic approach to a dynamic problem."
S. 1993, the Government Information Security Act was introduced by then Chairman Thompson and Ranking Minority Member Joseph I. Lieberman (D-CT) on November 19, 1999. This legislation was the result of the Governmental Affairs Committee oversight work in the area of information security and cyberterrorism.
It is intended to protect Federal government information systems from cyberattack. Among other things, S.1993 would strengthen the Office of Management and Budget?s information security duties, consistent with its existing responsibilities under the Paperwork Reduction Act; establish Federal agency accountability for information security as needed to cost-effectively protect the assets and operations of the agency; provide for the application of a unified and logical set of government-wide controls by including national security systems within the application of the legislation; and require agencies to have an annual independent evaluation of their information security programs and practices.

http://web.archive.org/web/20020616042107/thompson.senate.gov/text/compsec.html