NIAC Tackles Net Security
Looks at regulation and disclosure.
As corporate America tries to work more closely with the federal government to improve network security, a primary goal among CEOs is avoiding new federal regulations.
However, executives who are directly responsible for network security do not necessarily share that goal. CIOs and chief security officers across the country are quietly advocating regulation to spur their bosses into acting more effectively on network security, according to Tom Noonan, president and CEO of Internet Security Systems Inc., in Atlanta. There is a widespread feeling among executives accountable for IT that security is not receiving the attention it deserves from the helm, Noonan told top corporate executives gathered for a teleconference of the National Infrastructure Advisory Council last week.
"I've wanted to head for the hills every time I hear it," Noonan said.
The NIAC is also looking at the thorny issue of network vulnerability disclosure. Council members' opinions on the topic range from full disclosure to limited disclosure, but there is a consensus that guidelines are needed for handling vulnerabilities, said NIAC Vice Chairman John Chambers, president and CEO of Cisco Systems Inc., in San Jose, Calif. "Lacking existing guidelines, people invent solutions," Chambers said, adding that ad hoc solutions can create new problems. A task force set up by the council will complete a study of the matter by the end of June, Chambers said, and the initial assessment is that disclosure can cause more risks than it eliminates.
The question of how much network threat data a corporation should share with the government creates an ongoing predicament for many enterprises. Divergent policies and practices are evident in the varying degrees of participation within the Information Sharing and Analysis Centers for each industry, according to members.