Feds Called to Shoulder More of Security Load

Microsoft top security exec Scott Charney says the government should take more responsibility for the security and integrity of the nation's critical infrastructure.

CHICAGO—Microsoft Corp.s top security executive on Monday called on the government to take more responsibility for the security and integrity of the nations critical infrastructure, saying that leaving the task to vendors and market forces is a mistake.

"The problem is, we have delegated security to the markets, and the markets dont do that," said Scott Charney, Microsofts chief security strategist, during his keynote speech at the Computer Security Institute Conference here. "What we have to think about is, how much security does the market get you?"

Charney stopped short, however, of calling for new security regulations. Instead, the government should work closely with vendors and enterprises to determine whats needed and how to go about achieving those objectives, he said.

"It doesnt have to be regulation. It might be, but it doesnt have to be," Charney said. "This will be a really tough question for the next five years."

Charneys comments present a clear challenge to the governments security officials, who have said repeatedly during the last several months that they want to avoid regulating the security of the Internet. The National Strategy to Secure Cyberspace is built around this central premise. And Richard Clarke, the chairman of the Presidents Critical Infrastructure Protection Board, which wrote the strategy, is a strong proponent of the concept of market forces and customer demand driving improved security in software and on the Internet.

Analysts say that while the government certainly has a role to play in securing the Internet, the private sector shouldnt count on Washington to understand the problems at hand.

"The government will screw it up if it comes to regulation," said Pete Lindstrom, research director at Spire Security LLC, an analyst firm in Malvern, Pa.

Charney did concede that vendors such as Microsoft have a responsibility to do their part, as well.

"Microsoft has a role to play because, like all public companies, we have a conscience," he said. "My job is a cost center; my staff has doubled, and the entire staff is a cost center. But we have to do it because the public depends on it."