Modernizing Authentication — What It Takes to Transform Secure Access
The Senate Governmental Affairs Committee Wednesday approved a bill mandating federal agencies to develop and implement security plans to protect their network systems from the risks posed by peer-to-peer (P2P) file sharing. Earlier this month, the U.S. House of Representatives approved the same legislation.
Both the House and the Senate have already implemented security measures against P2P security threats through both technical and non-technical means, including firewalls and employee training. The Government Network Security Act of 2003 would give Executive Branch agencies six months to take similar steps.
The federal government uses and stores a wide variety of classified and sensitive information, including information vital to national security, defense, law enforcement, economic markets, public health, and the environment. Government computers also contain personal and financial information of U.S. citizens and businesses.
Installation of P2P software on government computers can expose this sensitive information to the public.
The House Committee on Government Reform issued a staff report in May showing how through a "couple of simple searches" of the most popular P2P programs, personal information such as tax returns, medical records, and confidential legal documents and business files were found.
"We learned (through hearings held in May) that using these programs can be similar to giving a complete stranger access to your personal file cabinet," said bill co-sponsor Tom Davis (R-VA) said. "Needless to say, file sharing programs create a number of risks for federal departments and agencies if they are installed on government computers. Because files are shared anonymously on peer to peer networks, there is also a risk of the spread of viruses, worms, and other malicious computer files."
Instead of banning P2P networks on government computers, a Davis spokesman told internetnews.com in Sept., "We didn't want to be that draconian." Neither the legislation, the staff committee report nor the Davis spokesman could site how many government computers have P2P software installed.
Both the House and Senate legislation contains language that states, "Innovations in peer-to-peer technology for government applications can be pursued on intragovernmental networks that do not pose risks to network security."