Index

DATE=3/29/2000 TYPE=CORRESPONDENT REPORT TITLE=COMPUTER SECURITY (L-ONLY) NUMBER=2-260749 BYLINE=CANDACE WILLIAMS DATELINE=WASHINGTON INTERNET=YES CONTENT= VOICED AT: INTRO: U-S government and private industry computer analysts say U-S federal agencies must do more to protect their computer networks from hackers and others seeking unauthorized access. The warning was issued Wednesday in Washington during a House subcommittee hearing on computer security. V-O-A's Candace Williams has more. TEXT: Recent audits and other reviews have uncovered lapses in computer security practices at virtually every major federal government agency. Jack Brock, a computer expert from the General Accounting Office, said one weak spot was the Environmental Protection Agency. Mr. Brock said a recent investigation showed how easily unauthorized users could break into its networks. /// FIRST BROCK ACT /// We were able to penetrate the firewall, which was largely ineffective, penetrate limited access controls and essentially could have had access to most of the information and processes that ran throughout the entire agency. The entire agency in this case was vulnerable. /// END ACT /// Mr. Brock said reviews also uncovered lapses at the U- S Defense Department, the U-S Space Agency, the State Department and Veterans Administration. But he said that the agencies had taken what he called significant strides to better safeguard their systems. Mr. Brock said many agencies do not have relevant security program planning and management policies. He stressed that effective computer security systems must be tailored to the needs of a particular agency. /// OPT /// /// SECOND BROCK ACT /// Computer security programs have to support the organizational mission and goals of the agency. They can't be divorced from what the agency does or they're not relevant. /// END ACT /// An official at the National Space Agency, David Nelson, says computer security is most effective when management, technical support staff, and network users fully understand the importance of the issue and work together. /// NELSON ACT /// Over the last two years, NASA has developed or acquired new training material for managers, system administrators and users. This training is now mandatory for all civil servants. /// END ACT /// /// END OPT /// The experts told lawmakers the best defense is common sense. They say computer systems become vulnerable to intruders when passwords are shared or when anti-viral software programs and other firewalls are not in place. They say agencies must take advantage of readily available tools -like encryption codes and special software - to protect themselves, given the increasing sophistication of computers and the people who use them. (Signed) NEB/CAW/TVM/gm 29-Mar-2000 18:44 PM EDT (29-Mar-2000 2344 UTC) NNNN Source: Voice of America .