Over the last decade, the federal government, like most private-sector organizations, has become increasingly dependent upon interconnected computer systems, including the Internet, to support its operations and account for its assets. This explosion in interconnectivity is beneficial, but the factors that generate these benefits--widely accessible data and instantaneous communication--also magnify the chance that the information will be misused, through fraud or other crimes, or that sensitive information will be inappropriately disclosed.
The Senate Governmental Affairs Committee, which I chair, has been investigating federal computer security and has found weaknesses that affect our health, safety, national security, and economic wellbeing. In a series of hearings over the last several years, my committee has heard from security experts, senior government officials, and the General Accounting Office (GAO) about the persistent security risks associated with the government's information holdings. GAO reports have detailed the gaps in the federal government's efforts to keep pace with advances in technology and their many applications. For example, last year the GAO reported to my committee that lax computer security at NASA allowed government specialists, in a trial run, to penetrate several mission-critical systems that would have allowed them to steal, modify, or destroy system software and data.
The Governmental Affairs Committee also released a report last year detailing poor computer security at the Internal Revenue Service (IRS). According to that GAO report, "weaknesses in IRS computer security controls continue to place IRS' automated systems and taxpayer data at serious risk to both internal and external attack." In other words, personal information, including social security numbers and other critical financial data, is highly susceptible to computer hackers.
We know that federal agencies continue to use a bandaid approach to computer security rather than addressing the central problems that leave government computer systems vulnerable to repeated computer attacks. Recently, serious breaches of security at various "dot.com" companies called attention to the security of government computer systems.
As a result of the Committee's work in the area of information security and cyberterrorism, Senator Joseph Lieberman (D-CT) and I recently introduced S. 1993, the Government Information Security Act. This legislation would provide a comprehensive framework for federal agencies to make their systems more secure while providing continuous, uninterrupted services to the public. Our legislation is designed to enhance oversight of federal agency computer security efforts, make agencies accountable for their information security programs, require agencies to have an annual audit of their information security programs and practices, and highlight the importance of technology training for government workers.
Senator Lieberman and I recently held hearings to discuss this legislation and ways to better secure the government's computer systems in light of recent hacker attacks on commercial Internet sites. During those hearings, we learned that the federal government's underlying information infrastructure is still riddled with vulnerabilities that represent severe security flaws and risks to our national security, public safety, and personal privacy. After so many years of reports and expert testimony, there is still no organization-wide approach to preventing cyberattacks, and the security program management is totally inadequate.
The Governmental Affairs Committee, also during the hearings, heard testimony from Kevin Mitnick, a self-described reformed hacker, who testified that all computer systems--government and industry--are vulnerable to attack. Mitnick, who served 59 months and 7 days for breaking into Digital Equipment Corporation's computers, said, "If someone has the time, the money, and the motivation, they can get into any computer."
The threat of terrorism comes in many shapes, but in this technology-driven age, one of the most potentially destructive could be cyberattack. Instead of adversaries confronting us head-to-head on the traditional battlefield, where they would undoubtedly lose, they could confront the United States at its point of least resistance--that is, our information infrastructure. We need to be ready, and the Government Information Security Act provides a workable plan for achieving that readiness.
Senator Fred Thompson
Continuing a distinguished career across both public and private arenas, Fred Thompson was elected United States Senator from Tennessee in 1994 in his first campaign for office. He was returned for a full term by the voters in 1996.
In 1997, he was elected Chairman of the Governmental Affairs Committee, making him the most junior senator in history to serve as chairman of a major Senate committee. Thompson's committee has actively pursued an agenda aimed at producing a smaller, more efficient, and more accountable government. Within this committee, Thompson has held hearings on topics such as improving the federal regulatory process, reforming the IRS, reducing corporate subsidies, and exploring ways to eliminate government waste, fraud, and abuse.
Additionally, in 1997, Thompson's committee was chosen by the Senate leadership to conduct an investigation into alleged improper or illegal activities growing out of the 1996 federal campaigns. Thompson was appointed in the 106th Congress to the powerful Senate Finance Committee, which has jurisdiction over a number of major issues including taxes, Social Security, Medicare, Medicaid, welfare reform, and international trade.
Thompson grew up in Lawrenceburg, Tennessee. He received his undergraduate degrees in philosophy and political science from Memphis State University in 1964 and his law degree from Vanderbilt University in 1967. Two years after law school, Thompson was named an Assistant United States Attorney, and at the age of 30 was appointed Minority Counsel to the Senate Watergate Committee, where he served in 1973 and 1974.
Thompson has also acted in 18 motion pictures, including In the Line of Fire, Die Hard II, and The Hunt for Red October.
The Thompson-Lieberman Government Information Security Act
* Establishes federal agency accountability for information security as needed to protect the assets and operations of the agency cost-effectively by creating a set of management requirements derived from GAO "Best Practices" audit work
* Requires agencies to have an annual independent evaluation of their information security programs and practices to assess compliance with authorized requirements and to test the effectiveness of information security control techniques
* Vests responsibility for national security systems protection and oversight and other responsibility for classified information systems with the Secretary of Defense and the Director of Central Intelligence
* Includes initiatives promoting increased flexibility and incentives for agency managers to attract the best and brightest information technology talent through the use of scholarships, fellowships, and federal service agreements
* Focuses on the importance of training programs and government-wide incident response handling
|Author:||Thompson, Fred D.|
|Date:||Mar 22, 2000|