Cyber Security Institute

Monday, June 07, 2004

Cybersecurity: Too important to leave in private hands?

The cybersecurity of the U.S. is too important to leave to the chance that marketplace incentives will lead to more secure software, a liberal commentator and a cybersecurity analyst argued Monday at the Gartner IT Security Summit.

During a panel discussion about the possibility of government creating cybersecurity regulations, Press and Rich Mogull, a research director for Gartner Research, advocated government taking a more active role.

While others on the panel suggested the U.S. government could affect cybersecurity by using its huge purchasing power to influence companies, Press questioned why software vendors aren’t sued for selling products with security flaws.  Without laws allowing software vendors to be sued, “you are rewarding people for selling broken products,” he added.  Instead of software vendors being held responsible for cybersecurity problems, the buyers pay the bill, Press said.  Instead of government regulations, software buyers should demand better products, he said.  In all but the desktop market, where Microsoft dominates, competition over the past couple of years has helped improve software security, Pescatore added.

Fred Barnes, executive editor of the conservative Weekly Standard and cohost of Fox News’ Beltway Boys, asked the panel why more cybersecurity legislation hasn’t been considered in the U.S. Congress.

“There’s a fear of stifling innovation,” said Roger Cressey, president of Good Harbor Consulting LLC and former counterterrorism expert at the White House.

Barnes noted that some government and private cybersecurity experts have been warning for several years of the possibility of a “digital Pearl Harbor,” a massive attack on U.S. IT assets. The threat cannot be overstated, answered Bob Dix, staff director for the technology and information policy subcommittee of the House Government Reform Committee. However, Dix said Monday he hopes the subcommittee’s efforts to raise awareness about cybersecurity will get company chief executives to take the issue seriously.

But Press suggested that the software industry should be proactive and work with Congress now to pass legislation the industry can live with.

Posted on 06/07