DAVID@SIMSC.BITNET (David Bridge, MSC VAX System Manager) (12/07/90)
(Cross posted to Security-L, Virus-L, and Ethic-L). This is only some key points from the story. Front page story, Washington Post, December 6, 1990 (cont. on page 11). "Computers Vulnerable, Panel Warns Networks Susceptible to hackers, accidents. "American's increasingly computerized society will become dangerously vulnerable to attacks by criminals and high-tech terrorists unless new nationwide computer security precautions are taken soon, a National Research Council committee announced yesterday." ... "The committee's 18-month study, released yesterday [December 5 ?], calls for adoption of broad new national standards for hardware and software safety, reliability and security measures. It also urges the creation of a nonprofit foundation to oversee and monitor compliance. These steps are necessary, committee members warned, because more individual personal computers are "networked" into nationwide systems, because a "quantum leap in computer literacy" has enabled more people to create computer weapons,..." "The modern thief can steal more with a computer than with a gun," the report said. "Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb." ... "The report recommends six immediate "key actions", including the adoption of "general accepted system security principles" analogous to the national standards now used in accounting and building construction." ...more ======================================================================== The chairman of the 16-person panel is/was David Clark of MIT. Does anyone have the full title of the report and length ? Where can a copy of the report be obtained ? (address, cost, etc.) David Bridge Smithsonian Institution BITNET: DAVID@SIMSC
dittrich@milton.u.washington.edu (Dave Dittrich) (12/14/90)
DAVID@SIMSC.BITNET (David Bridge, MSC VAX System Manager) writes: >Front page story, Washington Post, December 6, 1990 (cont. on page 11). > >"Computers Vulnerable, Panel Warns >Networks Susceptible to hackers, accidents. > > (stuff about the article and quotes from report deleted) > >Does anyone have the full title of the report and length ? >Where can a copy of the report be obtained ? > (address, cost, etc.) The Government Accounting Office (the investigative arm of the Congress) recently released a report on computer security. It was made available on the Internet, although for the life of me I cannot remember where I found it. I could not find the quotes that were mentioned in Davids post, but have included the contents page from the report to describe what it contains. It may be of interest anyway to those that have not already seen it. The report is 112962 bytes in length, so I will only post it if there is sufficent interest. (I'll let the moderator be the judge of "sufficent interest"). - ------------------ Excerpt from report follows ----------------- United States General Accounting Office GAO Report to the Chairman, Subcommittee on Telecommunications and Finance, Committee on Energy and Commerce House of Representatives June 1989 COMPUTER SECURITY Virus Highlights Need for improved Internet Management GAO/IMTEC-89-57 Contents Page EXECUTIVE SUMMARY 2 CHAPTER 1 INTRODUCTION 10 Internet Evolves From 10 an Experimental Network Rapid Growth of the Internet 12 Management in a Decentralized 12 Environment Future of the Internet 14 Internet Virus Spread Over 15 Networks to Vulnerable Computers Objectives, Scope, and 17 Methodology 2 VIRUS FOCUSES ATTENTION ON 19 INTERNET VULNERABILITIES Impact of Virus 19 Vulnerabilities Highlighted 20 by Virus Actions Taken in Response 26 to Virus Conclusions 28 Recommendation 30 3 FACTORS HINDERING PROSECUTION 32 OF COMPUTER VIRUS CASES No Statute Specifically 32 Directed at Viruses Technical Nature of Virus- 34 Type Incidents May Hinder Prosecution Proposed Legislation on 35 Computer Viruses and Related Offenses Conclusions 36 APPENDIXES APPENDIX I History of Computer Viruses 37 APPENDIX II Research Aimed at Improving 43 Computer and Open Network Security APPENDIX III Major Contributors to This Report 49 - ------------------------ End of excerpt ------------------------ - -- Dave Dittrich Dept. of Chemistry BG-10, University of Washington, Seattle, WA 98195 dittrich@u.washington.edu ...!uw-beaver!u.washington.edu!dittrich "Teachers are the only profession that teach our children." Dan Quayle