In a major change of heart for both sides, government representatives and corporate CIOs are for the first time pledging to share more information with each other in an effort to improve security across the nation's critical IT infrastructure.
The coming together is the result of efforts over the last month by the federal government—namely, the Department of Homeland Security—to recruit the help of the private sector in implementing its lofty NSSC (National Strategy to Secure Cyberspace). To accomplish this, the DHS reversed its stance on certain measures of the NSSC that were heavily criticized early on, such as the lack of private-sector influence and the establishment of a repository of security data that would reside with the government. Both issues are now not only on the table but are also pushing the two sides together.
Government representatives and corporate CIOs met at the National Cybersecurity Summit in Santa Clara, Calif., last week and began crafting ways to implement the NSSC. During the summit, five task forces were organized around specific topics, such as early-warning systems and security in software development, and guidelines for each topic were developed.
In addition, DHS officials outlined a plan for information sharing that would involve the newly created organization US-CERT. US-CERT would create four or five reporting programs to alert organizations in various sectors about imminent threats such as worm outbreaks or widespread attacks. The organization would also provide tips and information on protecting against the threats.
Industry executives said the government is finally moving in the right direction.
"I think were making progress on information sharing," said Chris Klaus, founder and chief technology officer of Internet Security Systems Inc., in Atlanta, and co-chair of the Technical Standards and Common Criteria task force at the summit. "Weve been getting better information from [the government], and weve been working more closely with them."