Critical Infrastructure Protection: Comments on the Proposed Cyber Security Information Act of 2000, Statement of Joel C. Willemssen, Director, Civil Agencies Information Systems Accounting and Information Management Division, Testimony before the Subcommittee on Government Management, Information Technology, Committee on Government Reform, House of Representatives [open pdf - 153KB]
H.R. 4246, the proposed Cyber Security Information Act of 2000, would remove barriers to information sharing between government and private industry. In GAO's view, the legislation would help build the meaningful private-public partnerships that are essential to protecting critical infrastructure assets. To successfully engage the private sector, however, the federal government itself must be a model of good information security. Today, it is not. Significant computer security weaknesses--from poor controls over sensitive systems and data to weak or nonexistent continuity of service plans--plague nearly every major agency. And, as seen in the recent "ILOVEYOU" computer virus, mechanisms already in place to ease information sharing among federal agencies about impending threats have not been working well. Moreover, the federal government may not yet have the right tools for identifying, analyzing, coordinating, and disseminating the type of information that H.R. 4246 envisions collecting from the private sector.
Government Accountability Office (GAO): http://www.gao.gov/