Security executives from some of the countrys largest IT vendors and telecommunications carriers came to Capitol Hill last week to nip in the bud any plans federal lawmakers might be harboring for regulating private data networks.
Having been caught off guard by the Sept. 11, 2001, terrorist attacks, Congress is eager to avoid appearing unprepared should a large-scale cyber-attack occur. At the same time, many lawmakers have expressed an awareness of the gravity of meddling in what has been historically the purview of industry.
“I am concerned about what we might do now to the architecture of the Internet to the detriment of our free society,” Rep. Zoe Lofgren, D-Calif., said last week at a hearing of the cyber-security subcommittee of the House Select Committee on Homeland Security. “My children will live with the mistakes I make.”
Sounding a united alarm against intrusive federal regulation, industry officials cautioned that over-involvement on the part of the government could impede speedy disaster recovery operations by private companies. First and foremost, they agreed, Congress should keep its hands off when it comes to monitoring or controlling privately held networks.
“I think its very important that people continue to own their own computers—genuinely own their own computers,” said Whitfield Diffie, chief security officer at Sun Microsystems Inc., based in Santa Clara, Calif.
“I think the worst thing the government could do is not listen to the industry participants about what theyre capable of doing,” said Frank Ianna, president of AT&T Network Services, based in Bedminster, N.J.
There are steps the government could take to help the private sector do a better job of securing its infrastructure, industry officials said. For example, the government could help create an international law enforcement framework and improve disaster prevention and response measures among its own agencies.
The government could also play a larger role in coordinating industry-developed standards and best practices, industry representatives told Congress.
At the heart of recommendations for improving network security lie suggestions for information-sharing. Congress and the administration have worked to encourage the private sector to turn over a growing volume of security-related data, but companies want the government to practice what it preaches first.
“The federal government must do more to expand information-sharing with infrastructure owners,” said Jay Adelson, founder and chief technology officer of Equinix Inc., in Foster City, Calif.