While many of the government's computer systems are secure, federal agencies' Web interfaces with the public are the weakest links, two security experts told lawmakers Monday.
Members of the House cybersecurity team and other lawmakers toured computer security firms in Northern Virginia Monday, including online security firm Global Integrity. Company President Dan Wooley and William Marlow, the company's executive vice president, also cited the need to provide companies with some exemption from the Freedom of Information Act to ensure that proprietary information that they share with the government about a cyberattack is not revealed. Reps. Tom Davis, R-Va., and James Moran, D-Va., are expected soon to introduce a bill addressing that issue.
In the area of computer security, House cyber team leader J.C. Watts, R-Okla., chairman of the House Republican Conference, and four other House members sent a letter Friday to Rep. Harold Rogers, R-Ky., chairman of the House Appropriations Commerce, Justice and State Subcommittee, requesting that $250 million be appropriated to fund an information security pilot program at five agencies. The agencies include the Defense and State Departments and the Environmental Protection Agency, which has been criticized for its information security practices.
"Governmentwide policies for the management of programs that support the cost-effective security of federal information systems remain inadequate," Watts wrote along with Davis and Reps. Pete Sessions, R-Texas, James Rogan, R-Calif., and Bill McCollum, R-Fla.
Rep. Bob Goodlatte, R-Va., said he would like to see the Clinton administration hold an international summit on cybersecurity. If the administration fails to act, he suggested that Congress may have to pass a resolution urging the president to take such an action.
"There's a great need for greater international cooperation" on the issue, Goodlatte said.
On the tour, Wooley said denial of service attacks and damage to a company's reputation were the biggest potential losses for companies when they are attacked. An employee showed a group of lawmakers how a hacker might break into a bank Web site and potentially steal money from an account.
NEXT STORY: Reader Survey!