Responding to a request from the Bush administration, the information technology and telecommunications industries representatives in Washington filed a plan with the government last week to improve the countrys critical infrastructure and cyber-security.
Calling for improved information-sharing and public/private sector coordination, the groups hope to ward off heavy-handed government mandates in the quest for a more secure online environment.
The plan, submitted to the National Telecommunications and Information Administration last week, aims to protect not only the IT and communications industries, but also all other industries that rely on their products and services. The main message is that nobody can do it alone; it is every businesss responsibility to contribute to cyber-safety.
“Continuing to monitor and patch known vulnerabilities — studies show that this is not always happening,” said Dan Bart, senior vice president of standards and special projects at the Telecommunications Industry Association in Arlington, Va. “Making sure you have virus protection that kicks in on your screen-savers–it has to become part of everyday instruction. If youre the chief information officer of a company, youve got to kick some butt to make this happen.”
Developed by the TIA and three other industry groups in Washington, the National Strategy for Critical Infrastructure and Cyberspace Security recommends that businesses and schools regularly teach ethical online behavior. It also calls for the government to close loopholes in laws that make it difficult to punish malicious hacking and other illegal online activity.
By making suggestions for improved private sector/public sector coordination, the industry hopes to avoid potentially burdensome new laws or regulations. “People dont want to have government mandate that you must do this or you must do that,” Bart said. “Regulators abhor a vacuum.”
The groups are also looking to the government to increase international initiatives to promote better practices when it comes to information security and reporting cyber-crime because varying legal frameworks make international investigations and prosecutions difficult. The trade groups suggested the creation of an International Critical Infrastructure Assurance Coordinating Center, in which industry would play a key role along with governments.
“It doesnt make sense to have government-to-government-only negotiations,” Bart said. “Thats kind of like a bunch of podiatrists standing around talking about brain surgery.”
The cyber-security plan, combined with similar proposals submitted by other critical industries, will be incorporated into policy papers now under development by the administrations Critical Infrastructure Protection Board and the Office of Homeland Security. The papers are slated for completion in July, according to Bart.