[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] NET Guard Dying Quietly


By Colin C. Haley
April 11, 2003

On Capitol Hill, most bills die young, smothered in their cribs by
partisanship, philosophical differences or simple lack of money.

But even with the president's blessing, there's no guarantee a law
will achieve its authors' high-minded aims. Some languish in the
statute books, unworkable and unused.

That could be the fate awaiting the Science and Technology Emergency
Mobilization Act -- at least a key part of it.

Passed last year, the measure calls for a National Emergency
Technology (NET) Guard -- a group of tech-savvy volunteers to prevent,
or at least mimimize, the sort of network gridlock that added to the
confusion and fear the morning of Sept. 11.

"It is essential to ensure that America's anti-terrorism efforts tap
the tremendous science and technology talents of the private sector,"  
Sen. Ron Wyden (D-Ore.) said in a floor speech last July.

In early December, Wyden's spokeswoman said it might take a year
before the program was running. But now, five months later, nothing
has been done, and there's a real possibility nothing ever will be.

The Difference Between Shall and May

Though there are a slew of practical reasons NET Guard has not
progressed, the mechanism enabling inaction is contained in the bill's

In a town where the definition of "is" has been parsed, phrasing is
paramount. Imprecision yanks the teeth from criminal law, opens gaping
and unintended loopholes in tax law, and in this case, allows an
agency to opt-out of administrative law.

"The law says that our department may enact a system like NET Guard,
it doesn't actually require it," said David Wray, a spokesman for the
Department of Homeland Security Department, which is charged with
overseeing NET Guard.

The statute says the president "shall" pick a department to keep a
list of volunteers, but two paragraphs later says DHS "may" decide to
organize them in regional teams and help them contact each other.

Since it's unclear if NET Guard will even be formed, there is no
effort to recruit volunteers, and no database to maintain.

"We are looking at it but we have an awful lot to do and have to do,"  
said Wray, adding that the war with Iraq has caused DHS to focus on
issues other than NET Guard.

"Conceptually NET Guard has a lot of appeal," said John L. Williams,
co-founder and CTO of Preventsys, a Carlsbad, Calif., network security
firm. "Say I'm a guy on commercial side of house, I exist to make
money, but there's a new world out there where terrorists attack
national interests -- and I can do something about it."

Williams cites Howard Schmidt's recent move from Microsoft executive
to White House cybersecurity chief, as an example of this new, or
perhaps rediscovered public spirit.

Too Many Questions

War or no war, there are too many questions for NET Guard to advance
beyond an appealing concept.

How much time will it take to organize? What are the qualifications
for members? How will they be screened? Would they be compensated?  
What allowances would their employers be asked to make?

With the military's National Guard and Reserve units (the ideological
model for NET Guard) these are all detailed for volunteers and their

Many of the questions were left unanswered on purpose. The bill "does
not create a large bureaucracy, nor does it seek to micromanage,"  
Wyden told his colleagues. (Remember too that the DHS didn't even
exist when the bill was drafted.)

Since its formation in late November, DHS chief Tom Ridge has been
merging and reorganizing 22 federal agencies and 170,000 employees in
the new cabinet-level department.

Carol Guthrie, Wyden's spokeswoman, was diplomatic when asked about
the lack of progress.

"I think it's somewhat understandable that with all it has on its
plate the Department of Homeland Security hasn't turned to (NET Guard)  
yet," she said.

Because of press reports last year, Guthrie said the office received
many inquiries from IT experts interested in the program. But,
according to Wray, those names haven't been passed to DHS.

This sort benign neglect was a concern of skeptics, including Michael
Drapkin, CEO of Drapkin Technology, a New York IT consulting firm, the
former chair of e-Commerce management for Columbia University's
Executive IT Management program.

"The government has pretty much sat on the sidelines throughout the
entire rise of the Internet," Drapkin said. "I don't have much of a
sense of this going anywhere except the usual lip service and
congressional hearings with big CEOs that don't produce anything."

So far, he's right.

Now What?

It's unclear, what if any pressure Wyden, or the bill's other sponsor,
Sen. George Allen (R-Va.), could bring on DHS. At this point, probably
very little. Wyden still "believes it is an incredibly helpful
program," Guthrie said.

Americans remain concerned about terrorism remains, but real-time
images of servicemen and women facing machine gun fire and suicide
bombers can't help but lessen concern about "virtual" computer systems

Earlier this week, Richard A. Clarke, President Bush's former IT
security chief, told a congressional committee that DHS lacks the
resources and staff to carry out the administration's overall plan.

Ultimately, it's up to DHS whether the NET Guard goes anywhere.

The DHS has merged three IT staffs, including one from the FBI, to
monitor the performance of the nation's core Internet and phone
networks and flag problems. Though they may not have the local
presence that NET Guard would, the experts are doing some of the work
outlined for the NET Guard.

"We're confident they are sufficient to do the job now," Wray said.  
"We will continue to monitor the systems and focus on developing the
techology needed to deal with threats."

Williams, the security expert, said there are small, but useful, steps
that could be taken, namely, spreading the word about actions
companies to block network attacks.

Some signs within the federal government are promising, including some
agencies publishing security policies for the first time. NET Guard
could still work, if on a smaller scale, if dovetailed with those.

"It would be a shame if it didn't happen," Williams said.

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
in the BODY of the mail.