Index


DATE=3/29/2000
TYPE=CORRESPONDENT REPORT
TITLE=COMPUTER SECURITY (L-ONLY)
NUMBER=2-260749
BYLINE=CANDACE WILLIAMS
DATELINE=WASHINGTON
INTERNET=YES
CONTENT=
VOICED AT:


INTRO:  U-S government and private industry computer 
analysts say U-S federal agencies must do more to 
protect their computer networks from hackers and 
others seeking unauthorized access.  The warning was 
issued Wednesday in Washington during a House 
subcommittee hearing on computer security.  V-O-A's 
Candace Williams has more. 


TEXT: Recent audits and other reviews have uncovered 
lapses in computer security practices at virtually 
every major federal government agency.

Jack Brock, a computer expert from the General 
Accounting Office, said one weak spot was the 
Environmental Protection Agency.  Mr. Brock said a 
recent investigation showed how easily unauthorized 
users could break into its networks. 

            /// FIRST BROCK ACT ///
	
      We were able to penetrate the firewall, which 
      was largely ineffective, penetrate limited 
      access controls  and essentially could have had 
      access to most of the information and processes 
      that ran throughout the entire agency.  The 
      entire agency in this case was vulnerable. 

            /// END ACT ///

Mr. Brock said reviews also uncovered lapses at the U-
S Defense Department, the U-S Space Agency, the State 
Department and Veterans Administration.  But he said 
that the agencies had taken what he called significant 
strides to better safeguard their systems. 

Mr. Brock said many agencies do not have relevant 
security program planning and management policies.  He 
stressed that effective computer security systems must 
be tailored to the needs of a particular agency.

            /// OPT ///

            /// SECOND BROCK ACT ///

      Computer security programs have to support the 
      organizational mission and goals of the agency. 
      They can't be divorced from what the agency does 
      or they're not relevant. 

            /// END ACT ///

An official at the National Space Agency, David 
Nelson, says computer security is most effective when 
management, technical support staff, and network users 
fully understand the importance of the issue and work 
together.

            /// NELSON ACT ///

      Over the last two years, NASA has developed or 
      acquired new training material for managers, 
      system administrators and users.  This training 
      is now mandatory for all civil servants.  

            /// END ACT ///

            /// END OPT ///

The experts told lawmakers the best defense is common 
sense.  They say computer systems become vulnerable to 
intruders when passwords are shared or when anti-viral 
software programs and other firewalls are not in 
place.

They say agencies must take advantage of readily 
available tools -like encryption codes and special  
software - to protect themselves, given the increasing 
sophistication of computers and the people who use 
them. (Signed) 

NEB/CAW/TVM/gm



29-Mar-2000 18:44 PM EDT (29-Mar-2000 2344 UTC)
NNNN

Source: Voice of America
.