Strengthening electronic security

Hardly a week goes by, it seems, without another example of misuse of computers: Someone else has wormed his electronic way into sensitive government or private files.

The problem needs to be attacked on several fronts; there is welcome evidence now of the beginning of forward movement, both in the government and in private industry.

A federal law is needed which explicitly would make illegal unauthorized intrusions into computer systems, as well as outright frauds using computer systems. It would need to be carefully written so that its language did not preempt state officials from prosecuting crimes on other grounds if these were more appropriate. Some states have such laws, but others do not. Some types of computer crime are covered by nearly 40 existing federal laws; but sponsors of two federal computer antifraud bills have heard from prosecuting attorneys that a need exists for a specific computer-crime law. In addition, there is also a significant deterrent value in passing a publicized federal law that clearly defines misuses of computer access as federal crimes, given the youth and inexperience of some computer users who are entering government systems.

A congressional hearing on one of these proposals is expected before this fall's recess, although Congress probably will not pass a law on the issue this year.

Government agencies and private industries that have computer systems must do their part in protecting the security of their computers. One need is to make certain that only persons who need access to the computers have it; too often in many firms computer passwords have been distributed to persons who do not need them. It is important, too, that firms change the security built into their computer systems so that it becomes much more difficult for unauthorized users to enter. The greatest need appears to be to prevent such persons from entering through telephone connections. There now are reports that both government agencies and private industry are taking steps to toughen this electronic security. At the same time, companies face the classic dilemma: Security should not be so stiffened that the computer systems become very difficult for legitimate users to operate.

Makers of computer machines and programs also need to work creatively to build into their systems ways to keep out intruders.

It is better that the nation be alerted to the vulnerability of its computer systems by the young computer whizzes, who apparently did not have nefarious intent, than discover at a later date that sensitive information had been compromised by persons bent on committing computer fraud - or worse. What if those who had gained entry into military systems had been in the employ of potential enemies of the US? That is one reason for the urgency in putting legal and computer-system safeguards into place.

of 5 stories this month > Get unlimited stories
You've read 5 of 5 free stories

Only $1 for your first month.

Get unlimited Monitor journalism.