Which intrusion is worse?
The debate over a federal intrusion detection system, which would collect data on information security breaches and then distribute warnings governmentwide, should not center on whether the government needs such a system but on how it should be built.
Unfortunately, such a system — once called the Federal Intrusion Detection
Network and now named the Automated Intrusion Detection Capability — faces
several formidable obstacles. The technology required would be some of the
most advanced available. But agencies worry about retribution that may
come from reporting embarrassing security breaches to an outside agency.
And Congress wrings its hands over a system that may open up Americans'
private transactions with government to outside eyes. But the fact of the
matter is that such a system is needed to protect private data such as Social
Security numbers, individual health data, and nuclear weapons information.
As government conducts more business online, an effective system that
monitors cyberattacks and gets the word out on how best to patch security
holes will be needed more than ever.
To be sure, certain privacy concerns — especially concerning when and
how law enforcement agencies such as the FBI will be involved when cyberattacks
are reported — must be carefully thought out. As pointed out by a security
expert in this week's cover story (Page 18), the government doesn't want
another Wen Ho Lee incident, in which the government's zeal to secure computers
overruns individuals' rights. But those who oppose the monitoring system
for privacy reasons put at risk the very privacy they seek to protect.
Officials with the Critical Information Assurance Office have met with
several members of Congress and their staffs to allay privacy concerns and
explain exactly what the monitoring system will and will not do. The CIAO
may think about doing the same with agencies and offer assurances about
how the security data they submit to it will be used.
If Congress genuinely believes in protecting Americans' privacy, it
must adequately fund a security monitoring system. And if agencies want
to do the same, they should support the system, too.