However, one security commodity that many government IT professionals seek above all—more information from the private sector on outages and attacks—is not forthcoming. Ever since the terrorist attacks of September 2001, the government has urged private enterprises to pass along data on network attacks, but companies remain largely reluctant to part with too much data of that nature.
In February, in the latest attempt to improve information-sharing efforts, Rep. Tom Davis, R-Va., inaugurated the Chief Information Security Officer Exchange, a public-private partnership aiming to improve the governments dismal record on IT security.
However, the private sector, with the exception of Computer Sciences Corp. and NetSec Inc., is still maintaining its distance nearly two months later.
The CISO advisory board is to consist of six government IT-security officials and six executives from system integrators and services companies.
At the FOSE conference and exhibition at the D.C. Convention Center here Tuesday, the forum named the government participants: information-security officers from the Department of Defense, Department of Homeland Security, Department of Justice, Department of State, Department of Housing and Urban Development, and the Internal Revenue Service.
On the industry side of the board, four of the six seats remain vacant. Whats more, the two companies that have joined the exchange sent sales executives, not information-security officials, to represent them. CSC will be represented by Austin Yerks, president of business development in the Federal Sector division. For NetSec, Ken Ammon, president of the government solutions division, will join the board.
The companies will each pay $75,000 annually to participate on the advisory board, which is co-chaired by Vance Hitch, CIO at the Department of Justice, and Melissa Wojciak, staff director of the House Government Reform Committee.
The exchange plans to write an annual report on information-security priorities in the government and host an awards dinner for agencies that improve their Federal Computer Security Report Card grades.
Product vendors, who may not sit on the board, may contribute by sponsoring meetings. The first operational meeting is scheduled for mid-May.