Feds: Tech Industry Must Act to Thwart Security Threats

At the National Cyber Security Summit, technology leaders are told they must start making progress in security in order for homeland security officials to forestall legislative efforts.

SANTA CLARA, Calif.—Leaders of the federal government's homeland security efforts warned technology industry leaders that if they do not lead the way in securing cyberspace, they will face the prospect of legislation setting security requirements.

Responsible for 85 percent of the nation's critical infrastructure, the private sector is critical to implementing a national plan for cyber-security, laid out in President Bush's year-old National Strategy to Secure Cyberspace, said Tom Ridge, secretary of the Department of Homeland Security, during the National Cyber Security Summit here on Wednesday.

"We must be as diligent and determined in finding ways to strengthen cyberspace as the terrorists are in trying to find ways to attack it," Ridge said.

But the private sector's role must involve more than promising to work together or forming task forces. It also must set metrics and deliverables to demonstrate progress in security in order for homeland security officials to forestall legislative efforts, said Robert Liscouski, the Homeland Security Department's assistant secretary for infrastructure protection.

"If we can't tell that story, there are plenty of people out there willing to legislate your work," he said. "And if that's what you want, then I can assure you, that's what you'll get."

Technology executives, through industry groups such as the Information Technology Association of America and the Business Software Alliance, already have been lobbying the Homeland Security Department not to push a proposed rule that would require publicly traded companies to share with securities regulators their defenses against IT security attacks.

The Homeland Security Department, the ITAA and the BSA are among the sponsors of the National Cyber Security Summit, the first of its kind since the launch of the national strategy. Technology executives throughout the day are expected to hammer out more details on how to get the various plans in the strategy to work. They will be convening five task forces, covering everything from raising security awareness among home users and small businesses to developing an early warning system for security threats.

Ron Moritz, senior vice president of eTrust security solutions at Computer Associates International Inc., is a co-chair of the "Security Across the Software Development Life Cycle" task force. He said that the industry had begun working with the federal government on cyber-security even before Sept. 11, 2001, but that he now is noticing more urgency.

While he expected Wednesday's meeting to result in plans of action, he said tangible results probably wouldn't be seen for a few more months.

"The industry would love to say, 'We met for two days and we have all the answers,'" he said. "But a lot of this is going to be long term."

Pushing ahead remains critical for both the government and the private sector because of the ease with which a terrorist or hacker can wreak havoc on computing systems. The issue cuts across the entire spectrum of computer users, Liscouski said. Even if big business secures all its systems, holes elsewhere still must be plugged.

"[It's] as simple as seizing a few small computers in homes to launch attacks with impacts on our national infrastructure," he said.

The summit, which opened on Tuesday, also is serving as the first major event for the new director of the National Cyber Security Division of the Homeland Security Department, Amit Yoran. Yoran, a former executive at security vendor Symantec Corp., took the helm in October.