Now that the federal government has shown its cards on the issue of Internet security, a newly formed task force of security company executives is planning a response it hopes will make measurable progress in the effort to improve computer security.
The CEO Cybersecurity Task Force by the end of this year will release a set of network security best practices for enterprises to adopt as a minimum standard. The task force plans to challenge executives to have their companies meet these base-line requirements by a certain date, which has yet to be determined.
The hope is that peer pressure and a walk-before-you-run approach will entice laggard enterprises into shoring up their security.
“Its very important that we get this done,” said Barry Bycoff, co-chair of the task force and CEO of Netegrity Inc., based in Waltham, Mass. “The base line will obviously change each year. And we hope to get other organizations and consulting firms involved in advocating this.”
The task force, formed last week, is a subset of TechNet—a national organization of technology industry CEOs, somewhat akin to a lobbying group, that works with legislators to help shape policy. In addition to developing the base-line security guidelines, the task force plans to work with government security officials to develop an efficient, workable plan for public and private information sharing of attack and threat data. This is a hot topic both in Washington and in Silicon Valley, where corporate IT staffs see little to gain by divulging such sensitive data.
Bycoff said he believes, however, that there is a middle ground that must be reached for the good of all concerned. “The impact of these attacks can be greatly limited if an effective communication channel can be set up,” he said. “Weve been very active in working with [government officials] on this.”
The Department of Homeland Security, still in its infancy, has absorbed much of the governments information security infrastructure, including the FBIs National Infrastructure Protection Center, the Critical Infrastructure Assurance Office, the Federal Computer Incident Response Center and the National Communication System.