Top Security Officers Form Think Tank

UPDATED: The Global CSO Council brings in heavy hitters from Oracle, Sun, Microsoft and eBay, as well as TCP/IP creator Vint Cerf.

A group of top security officers from some of the industrys largest companies announced Wednesday that they are banding together to form a new global security think tank.

The Global CSO Council includes Howard Schmidt, chief information security officer at eBay Inc. and the former top cybersecurity adviser to the president; Mary Ann Davidson, CSO of Oracle Corp.; Scott Charney, chief security strategist at Microsoft Corp.; Vint Cerf, vice president of technology strategy at MCI and co-designer of the TCP/IP protocol that underlies the Internet; and Whitfield Diffie, vice president and fellow at Sun Microsystems Inc. and the inventor of public-key encryption.

The new group will have a number of goals, but its primary purpose will be to serve as a forum for candid information exchange on security issues and to help define the role and duties of CSOs within large organizations. The council also intends to serve as a resource to government agencies and to take an active hand in helping to implement the National Strategy to Secure Cyberspace.

These plans may sound ambitious, but most of the councils members are well-respected both in the industry and in Washington, and many of them have close relationships with key people inside the Beltway. Charney, who replaced Schmidt at Microsoft, is a former federal prosecutor who is still well-connected at the Department of Justice and other important agencies. And Cerf, who is also chairman of the board of the International Corporation for Assigned Names and Numbers, worked for the Defense Advanced Research Projects Agency in the 1970s and 1980s and is among the most well-known players in the Internet community.


Other charter members of the council include Bill Boni, CISO at Motorola Inc.; Dave Cullinane, CISO at Washington Mutual Inc.; Steve Katz, formerly of Citigroup and the founder and former chairman of the Financial Services Information Sharing and Analysis Center; Rhonda MacLean, director of corporate information security at Bank of America; and Will Pelgrin, director of cyber security and critical infrastructure for the State of New York.

The new council is teaming with Carnegie Mellon Universitys new CyLab, as well. The lab will serve as the councils executive secretariat and will help the group develop policies and educate users about security. CMU plans to host a meeting of some of the CyLabs personnel and the council in January.

The councils plans and goals are still somewhat ill-defined at this point, but Schmidt said there are plenty of opportunities for the group to share its collective expertise with both the government and private organizations.

"We have a tremendous depth of experience and a range of expertise," Schmidt said. "One of the shortcomings weve had over the years is looking to technology to solve all of these problems."

Other council members said the chance to work together wiith other CSOs facing similar problems and challenges would be invaluable.

"The CSO is always to some degree an operational job and that involves contact with others in similar positions. A lot of the function of this organization is to promote contact and thats what Im looking forward to," said Diffie. He added that the council would do well to work toward encouraging research and development of more stable and trustworthy computing platforms. "We dont currently know how to build computer systems that are really adequate to meet the demands we put on them," Diffie said. "One of the things that needs to be pushed forward is the development of technology, of security thats necessary for the degree of trust we place in our cyber infrastructure."

Schmidt said the council already has been in touch with the Department of Homeland Security and plans to work closely with DHS.

Editors note: This story has been updated since its original posting to include information from the announcement briefing.

Discuss This in the eWEEK Forum