Security Web Digest: Homeland Security and IT Security, XML Security Hardware ... and More

Will the government meet its targets for border security? ... Will terrorists launch cyber-attacks? ... Will IT security budgets go up? ... and more from around the web.


The prospect of war in Iraq has raised new concerns about the Department of Homeland Securitys progress in deploying the border security IT infrastructure. Testifying at a Senate Judiciary Subcommittee hearing last week, Asa Hutchinson, the departments undersecretary for border and transportation security, said the DHS would likely meet the Dec. 31 deadline for deploying a new entry/exit system at the nations airports and seaports. But he said the 2004 and 2005 deadlines for deploying the full array of IT systems along the land borders with Canada and Mexico could prove too difficult and expensive to meet.

Under law, the Department of Homeland Security has until the end of 2005 to complete the deployment of an integrated entry/exit system that makes maximum use of biometric technologies to identify foreign visitors to the U.S. Meanwhile, according to the National Institute of Standards and Technology, biometric facial recognition systems have improved dramatically in just three years to reach a 90% identification rate.

Terrorists wont strike the Internet because bombs are more effective, according to an expert panel at CeBIT. "I dont see a cyberattack as a terror attack of choice," Bruce Schneier, founder and CTO of Counterpane Internet Security said. "We are many years away from somebody being able to launch large-scale electronic attacks that have the effects of a bomb," Schneier said. Other panelists, executives from security software vendors RSA Security and Trend Micro and representatives from the European Union and the North Atlantic Treaty Organization (NATO), agreed. They blame the U.S. government, certain IT vendors and the media for creating cyberterrorism angst.

A report released last week estimates that the U.S. brokerage industry will spend as much as $700 million through 2005 on technology and outsourcing services in order to comply with the antiterrorism and anti-money-laundering regulations of the USA Patriot Act. The report by Needham, Mass.-based TowerGroup says brokerages spent $117 million on Patriot Act compliance measures last year and will invest about $404 million this year, when most of the Patriot Acts provisions become law. According to TowerGroup, about 39% of compliance budgets is being spent on integrating back-end systems, and 35% is going toward new software. Another 24% of the money is being used to upgrade IT infrastructures, such as hardware and storage, the report says. The remaining 2% is paying for outsourcing services with operators of customer databases, such as Regulatory DataCorp International LLC (RDC) in New York.


DataPower Technology and Altova on Monday announced the availability of XMLSPY 5 integrated with the Datapower XS40 XML Security Gateway. The unified solution addresses enterprise the need for centralized XML Web Services security without requiring application developers to alter pre-existing design and deployment practices in any way, the companies said in a statement. Security policies within the DataPower XS40 are fully XML-based so developers can quickly and easily use existing XML Schema, WSDL and other XML application files to assign filtering rules, access control and overall policy management.


A study released March 4th by Merrill Lynch, which surveyed 75 U.S. and 25 European CIOs, showed that 62 percent of technology officers feel no pressure to increase spending this year, and a good 40 percent of their budgets will go toward preventing existing machinery from breaking. In such an environment, security spending is likely to be squeezed even tighter. After all, systems security tends to go unfixed until proven broken -- in the form of sensational reports about billions of dollars in damages wreaked by malware or hackers. CIOs also may choose to spend a little more on technology that demonstrates return on investment and therefore justifies itself in the eyes of management. The problem, of course, is that security rarely contributes directly to the bottom line.