Cyber Security Institute

Monday, March 08, 2004

The Path to Safety?

Industry readies plan for pre-emptive network defense.  Later this month some of the largest companies in the United States, led by the IT sector, will publicize a set of recommendations on hardening cyber-infrastructure so that the government doesn’t legislate the effort for them.

The recommendations, all voluntary, are to include television advertising aimed at small businesses and data collection research with the federal government, according to sources involved in the planning.

A little more than a year after the White House released its National Strategy to Secure Cyberspace, which includes a blueprint showing the private sector how to improve network security, federal policy-makers remain concerned that industry-owned networks are vulnerable to terrorist attack.

Patrick Leahy, D-Vt., said the country has been fortunate that terrorists have not infiltrated U.S. networks.  “We can assume, unfortunately, that they would if they had the opportunity,” Leahy said.  “It is essential that we work with the private sector to thoroughly assess our weaknesses and take steps to deal with them.”

“In most cases, the recommendations will be more like road maps of what we need to do to get where we want to be,” said Gary Garcia, vice president of information security policy at the ITAA.

A primary aim of the industry-led initiative, which comprises five task forces, is to encourage buy-in from stakeholders, including infrastructure owners, users and vendors, Garcia said.  To reach out to smaller businesses and individual users, the task forces are recommending public awareness campaigns, sources said.

The fear is that Congress will impose expensive new security obligations on corporations because so much of the country’s interdependent infrastructure is held in private hands.  Last year, Rep. Adam Putnam, R-Fla., floated the idea of mandating security audit reporting, but Putnam is still talking with industry leaders about alternative proposals, an aide said.

While much of the task forces’ work sets only a framework for improving network security, some recommendations will provide specific direction, sources said.  The plans will include detailed schedules and will recommend projects for improved education, such as including a network security course in the ordinary curricula at community colleges, Schmidt said.  Before month’s end, the industry group plans to launch a Web site enumerating its recommendations and other information to better secure private networks, sources said.

Posted on 03/08