(WEB HOST INDUSTRY REVIEW) — By simply instituting proper configuration policies and network monitoring, about 80 percent of online attacks could be prevented, according to National Security Agency information assurance director Richard Schaeffer, who spoke before a Senate committee Tuesday.
The Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security heard Schaeffer and several other experts, who offered their expertise on how the government should address government and private-sector IT security concerns. According to reports from Wired and other news agencies, Schaeffer also added that just following already known best practices would force attackers to take more risks to breach a network, making them more easily detectable.
The US government has been recently pursuing an aggressive online security campaign. At July’s Black Hat 2009 conference, deputy assistant secretary of defense for cyber identity and information assurance, Robert Lentz, said now is the time to secure and preserve the web. “This really has to be our number-one priority. Everything we do is all about preserving the Internet,” he said to a Black Hat audience. “If there’s anything we need to do, it’s to all team up together and make this a global issue as we deal with this fragile ecosystem.”
The Tuesday meeting will likely prove helpful in the Department of Homeland Security’s implementation of its intrusion detection and monitoring system, known as Einstein, as well as a broader nationwide cyber incident response plan, according to a FederalNewsRadio report. DHS national protection and programs directorate deputy undersecretary Phil Reitinger said a draft should be filed by late December or early January, and it will face its initial testing in 2010. “We need in the event of significant incident to be able to respond as one nation,” Reitinger said. “The plan [will provide] a highly actionable set of policies and procedures that will enable all of different government agencies to work effectively with the private sector in the event of a significant incident.”
The topic of how cyber crimes should be prosecuted also came up at Tuesday’s Senate Judiciary Subcommittee on Terrorism and Homeland Security. Associate deputy attorney general James Baker said that the current legal structure is not adequate to investigate and prosecute cyber criminals, according to FederalNewsRadio.
“This is a complex set of legal authorities that governs in this area,” Baker said. “The Constitution, federal statutes, state law, foreign law and international law all have an impact in this area. The legal regime currently enables law enforcement and intelligence officials to obtain authorizations to obtain vital information through electronic surveillance and other collection means. However, the evolution of technology, of our dependence on technology and our adversaries’ exploitation of vulnerabilities in that technology raises the question of whether our statutes are adequate to address the cyber threats of today and at the same time protect privacy and civil liberties.”
As a sign that the law is catching up to accused online criminals, the New Jersey man who was the first to be criminally arrested for domain name theft in the US was recently indicted on charges relating to his theft of a domain name, which he then sold on eBay for $111,000.











