Senate committee looks into IT vulnerabilities

Not wasting any time, the U.S. Senate Governmental Affairs Committee held a hearing last week on a key question in the wake of the attacks in New York and Washington: whether computer networks that run vital services are vulnerable to terrorism.

The answer from two government witnesses is that government systems suffer from poor security, rely on buggy, commercial off-the-shelf software that creates risks and don’t get security incident data from private sector companies that could help the government improve cyberprotection.

“The private sector, for good reasons, does not always want to share information related to threats, what the risks may be, what kind of incidents that may have occurred in the past,” said Joel Willemssen, who manages IT issues for the congressional watchdog agency, the General Accounting Office.

Private-sector security data “can give us a sense of where we stand strategically and where our risks are at,” said Willemssen.

Willemssen and other government officials involved in critical infrastructure issues have voiced such concerns before. But they received renewed attention after Tuesday’s attacks.

The State, said Committee Chairman Joseph Lieberman (D-Conn.), has entered a “new era” in protecting national security, one that includes improving the nation’s capability to protect critical systems from sophisticated cyberattacks.

The hearing last Wednesday critical infrastructure had been scheduled prior to the attacks.

“Today, our hearts and minds are naturally focused on yesterday’s tragedy, but it is important that the Senate continue with America’s business, particularly as it affects America’s security,” said Lieberman. “Our enemies will increasingly strike this mighty nation at places