Security Web Digest: Antispam Legislation Advances in House, Wanted: Cybersecurity Chief, and More

Advocates prefer opt-in rules to House bill's opt-out... Techno-security head to be low-level in department of HS... Enterprise Internet security issues widespread, understated... and more from around the web


Antispam sentiment on Capitol Hill is growing, with a new proposal in the House of Representatives promising to slap the worst bulk e-mailers with prison terms and millions of dollars in fines. The bill, called the Reduction in Distribution of Spam Act, is sponsored by Rep. Richard Burr, R-N.C., and has the support of two powerful committee chairmen, making it the most likely measure to prevail in the House. Should the bill pass, recipients would have to opt out of e-mails that they consider spam. The Coalition Against Unsolicited Commercial E-mail took issue with the law enforcement measures proposed by Burrs bill. The group would rather see a solution like the one in a bill approved Thursday by Californias senate that prohibits marketers from sending bulk e-mail without recipients first opting in.

Homeland Security

The Bush administration plans to appoint a new cybersecurity chief for the government, but industry leaders worry the new post wont be powerful enough. Officials are still looking for candidates for the new position, which will be within the Homeland Security Department. The appointment is expected to be announced within the next two weeks. The new position is drawing early criticism over its placement deep inside the agencys organizational chart. The cyberchief will be at least three steps beneath Homeland Security Secretary Tom Ridge.


Some companies still prefer to hush up electronic crime rather than help solve it, according to the National High Tech Crime Unit (NHTCU) in UK. Although most businesses cooperate with police to reduce computer-based crime, many pull out before prosecution, according to John Lyons, crime reduction coordinator at the NHTCU. Lyons outlined a series of examples of e-crime to demonstrate the new methods being used to carry out traditional crimes. He identified website spoofing as a major problem for UK financial companies. The unit receives almost daily calls from companies whose sites had been copied in this way.

UK banks, building societies and retailers began the introduction of a more secure method of authorizing credit card payments last week. Designed to combat fraud, the Chip and PIN Program will see the magnetic stripes on credit and debit cards replaced with more secure smart chips. The project will see more than 850,000 retailer terminals, 120 million cards and 40,000 cash machines upgraded over the next 18 months. Consumers will verify their purchases by keying in a four-digit PIN (Personal Identification Number) -- rather than signing a receipt.

According a recent IDC survey of more than 1,000 companies across nine countries in Asia-Pacific, 72 percent of enterprises have experienced an Internet security breach while 39 percent felt their online threats have increased in the past year. And while 97 percent of those surveyed have some form of Internet security in place, these tended to be off-the-shelf anti-virus products, said Nathan Midler, a senior analyst with IDC Asia-Pacific.

3Com this week is boosting its efforts in the security space with the launch of its Security Advantage channel program. Security Advantage, an expansion of the companys embedded firewall training, provides security training, certification and discounts to 3Com channel partners in the United States and Canada, said Elesh Kadakia, 3Coms security solutions manager.