Terminal Compromise - Winn Schwartau

The NSA, though, was quick to respond to criticism. "All the NSA and its policies are trying to achieve is a massive reduction in the rate of propagation of the Homosoto Viruses, eliminate fur- ther infection, so we can isolate and immunize as many computers as possible. This will be a short term situation only." De- tractors vocally dispute that argument.

AT&T, Northern TelCom and most telephone manufacturers are taking additional steps in protecting one of Homosoto's key targets: Public and Private Branch Exchanges, PBX's, or phone switches. They have all developed additional security recommendations for customers to keep Phone Phreaks from utilizing the circuits without authorization. Telephone fraud alone reached an estimat- ed $14 Billion last year, with the courts upholding that custom- ers whose phones were misused are still liable for all bills. Large companies have responded by not paying the bills and with lawsuits.

The NSA is further recommending federal legislation to mitigate the effects of future computer attacks. They propose that com- puter security be required by law.

"We feel that it would be prudent to ask the private sector to comply with minimum security levels. The C2 level is easy to reach, and will deter all but the most dedicated assaults. It is our belief that as all cars are manufactured with safety items such as seat belts, all computer should be manufactured with security and information integrity mechanisms in place. C2 level will meet 99% of the public's needs." A spokesman for ECCO, one of the emergency computer organizations working with the NSA explained that such security levels available outside of the highest government levels range from D Level, the weakest, to A Level, the strongest.

It is estimated that compliance with such recommendations will add no more than $50 to the cost of each computer.

The types of organizations that the NSA recommend secure its computers by law is extensive, and is meeting with some vocal opposition:

Companies with more than 6 computers connected in a network or that use remote communications.

Companies which store information about other people or organiza- tions.

All Credit Card merchants.

Companies that do business with local, state or federal agencies.