- Email: [email protected]
Deputizing US information security personnel
SECURITY REPORTS The FBI field offices are bolstered by NSA personnel assigned to provide 'technical assistance' to the field activities. The largest FBI field offices are located in New York, Washington, Los Angeles, San Francisco, Miami, Chicago, Houston, New Orleans, Baltimore and Atlanta. Unlike the NSA detailees at the NIPC, the NSA technical field personnel are assigned directly from Fort Meade and do not fall within the FBI's management structure. The NSA personnel are involved in the wiretapping of computer networks and monitoring Internet Service Provider activity under Title III and 18 US Code 2703 (d) authorizations, respectively. They also assist in the examination of computer media seized as a result of court-ordered search warrants.
"an unclassified compendium of attacks on the national infrastructure."
Critics of the NIPC point out that the new agency is nothing more than a domestic intelligence-gathering activity. The FBI cover permits the NSA, an agency charged with foreign communications intelligence gathering, to extend its reach into the United States. Others claim that if the US Government was truly interested in critical infrastructure protection, the NIPC would have been within the Federal Emergency Management Agency (FEMA).
Deputizing US Information Security Personnel Wayne Madsen n 24 November 1998, the large intelligence and military contractor, SAIC, a n n o u n c e d a certificate programme for information security personnel. The company also unveiled its Center for Information Security Education. The certificate programme is being offered in conjunction with George Washington University with a follow-on master's degree programme. SAIC and George Washington envisage college and graduate students
O
Computer Fraud & Security January 1999 3723/99/$20.00 © 1999 Elsevier Science Ltd. All rights reserved
working on 'real world' information security projects, presumably including projects contracted to SAIC by Federal agencies like NSA, CIA, and the D e f e n s e D e p a r t m e n t . P a r t i c i p a n t s in the SAIC/GWU programme will also be invited to take part in blue ribbon panels formed under the aegis of the White House's Critical I n f r a s t r u c t u r e / National Information Infrastructure Assurance programmes. The information security education programme follows calls by Linton Wells, the Deputy Undersecretary of Defense for Policy Support, for the Pentagon to create a GI-Bill type programme to train computer security professionals. The Pentagon's Defense Science Board earlier recommended loaning D e f e n s e D e p a r t m e n t personnel to the civilian g o v e r n m e n t and private sectors to improve infrastructure protection. Some information security specialists view the SAIC announcement as beginning the process of fulfilling the Defense Science Board's r e c o m m e n d a t i o n that a 'closed c o m m u n i t y ' of information security experts be established for information warfare purposes. Educating such a cadre of personnel was a key recommendation of the report of the P r e s i d e n t ' s C o m m i s s i o n on Critical Infrastructure Protection (PCCIP) issued in October 1997. In an October 1998 report titled "Critical Infrastructure Protection and the Endangerment of Civil Liberties", the Electronic Privacy Information Center in Washington termed administration proposals to train information security personnel as a step in creating a "virtual cyber Stasi". In addition, the International Information Systems Security Certification Consortium (ISC2), a body representing over 1000 international Certified Information System Security Professionals said it "rejects any suggestion that there should be a federal government role in vetting, clearing, qualifying, certifying, or licensing information security professionals outside the government. The federal government has failed to demonstrate any necessity to do so. They have r e p e a t e d l y failed to d e m o n s t r a t e any special c o m p e t e n c e in doing those things, failed to demonstrate that they are effective in achieving the benefits claimed for them, or the ability to limit the inherent potential for abuse."
11
"an unclassified compendium of attacks on the national infrastructure."
Critics of the NIPC point out that the new agency is nothing more than a domestic intelligence-gathering activity. The FBI cover permits the NSA, an agency charged with foreign communications intelligence gathering, to extend its reach into the United States. Others claim that if the US Government was truly interested in critical infrastructure protection, the NIPC would have been within the Federal Emergency Management Agency (FEMA).
Deputizing US Information Security Personnel Wayne Madsen n 24 November 1998, the large intelligence and military contractor, SAIC, a n n o u n c e d a certificate programme for information security personnel. The company also unveiled its Center for Information Security Education. The certificate programme is being offered in conjunction with George Washington University with a follow-on master's degree programme. SAIC and George Washington envisage college and graduate students
O
Computer Fraud & Security January 1999 3723/99/$20.00 © 1999 Elsevier Science Ltd. All rights reserved
working on 'real world' information security projects, presumably including projects contracted to SAIC by Federal agencies like NSA, CIA, and the D e f e n s e D e p a r t m e n t . P a r t i c i p a n t s in the SAIC/GWU programme will also be invited to take part in blue ribbon panels formed under the aegis of the White House's Critical I n f r a s t r u c t u r e / National Information Infrastructure Assurance programmes. The information security education programme follows calls by Linton Wells, the Deputy Undersecretary of Defense for Policy Support, for the Pentagon to create a GI-Bill type programme to train computer security professionals. The Pentagon's Defense Science Board earlier recommended loaning D e f e n s e D e p a r t m e n t personnel to the civilian g o v e r n m e n t and private sectors to improve infrastructure protection. Some information security specialists view the SAIC announcement as beginning the process of fulfilling the Defense Science Board's r e c o m m e n d a t i o n that a 'closed c o m m u n i t y ' of information security experts be established for information warfare purposes. Educating such a cadre of personnel was a key recommendation of the report of the P r e s i d e n t ' s C o m m i s s i o n on Critical Infrastructure Protection (PCCIP) issued in October 1997. In an October 1998 report titled "Critical Infrastructure Protection and the Endangerment of Civil Liberties", the Electronic Privacy Information Center in Washington termed administration proposals to train information security personnel as a step in creating a "virtual cyber Stasi". In addition, the International Information Systems Security Certification Consortium (ISC2), a body representing over 1000 international Certified Information System Security Professionals said it "rejects any suggestion that there should be a federal government role in vetting, clearing, qualifying, certifying, or licensing information security professionals outside the government. The federal government has failed to demonstrate any necessity to do so. They have r e p e a t e d l y failed to d e m o n s t r a t e any special c o m p e t e n c e in doing those things, failed to demonstrate that they are effective in achieving the benefits claimed for them, or the ability to limit the inherent potential for abuse."
11