Lawmakers aim to get tough on malicious code

House subcommittee members were frustrated Wednesday in their efforts to find out just who is releasing all of these computer worms and viruses.

Neither government officials nor industry experts testifying before the Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census were able to identify the culprits.

When Deputy Assistant Attorney General John Malcolm could not provide a list of people prosecuted for hacking, Chairman Adam Putnam (R-Fla.) suggested that the Justice Department was not paying enough attention to the issue.

"I would reject that implication totally," said Malcolm, who heads the Criminal Division. "These are unusually complicated investigations." He called cybercrime a "high, high, high priority" for the department.

Malcolm said the U.S. Judicial Conference is reviewing federal sentencing guidelines and could increase penalties for computer crimes.

"I expect the sentences and prosecutions to commensurately increase" as the seriousness of computer crimes is recognized.

Norman Lorentz, the Office of Management and Budget's acting administrator of e-government and IT, and Lawrence Hale, director of the Federal Computer Incident Response Center, outlined their agencies' response to vulnerabilities exploited by recent worms.

OMB alerted agency CIOs and incident response centers via conference call, following up with an e-mail listing specific actions to be taken. Agencies were required to report back to OMB through FedCIRC on the implementation of countermeasures.

"This emergency notification and reporting process was instituted for the Microsoft RPC vulnerability in July and as a result, agencies were able to rapidly close vulnerabilities that otherwise might have been exploited by the Blaster worm," Lorentz said.

Even with this process, several thousand government computers were affected by recent worms, Lorentz said. "This impact ranged from a slowdown in agency e-mail to the temporary unavailability of internal agency systems."

Rep. Candice Miller (R-Mich.) said the Sobig.F worm "nearly crippled the House e-mail network," and called the recent worms "terrorism, plain and simple."

Putnam criticized guidelines for handling software security vulnerabilities published recently by the Organization for Internet Safety. The voluntary guidelines call for a 30-day waiting period from the discovery of a vulnerability to when it is announced, to give software vendors a chance to prepare a patch. Absent from the guidelines is a role for the government in the process.

"We specifically excluded government from the drafting process," Scott Blake, a vice president of BindView Corp. of Houston and chairman of the OIS communications committee, said in July. "We felt that involving the U.S. government would limit the document's international appeal."

Putnam said at the hearing, "there is a very important role for government to play in the disclosure process. It is simply not acceptable for vendors to determine on their own who gets notified and when. It is imperative that the appropriate government entities be involved in this process from the very beginning."

OIS co-founder Christopher Wysopal, who testified at Wednesday's hearing, did not address the issue.

William Jackson writes for Government Computer News magazine.

About the Author

William Jackson is a Maryland-based freelance writer.
