http://www.washingtonpost.com/wp-dyn/articles/A59168-2002Sep9.html By Ariana Eunjung Cha Washington Post Staff Writer Tuesday, September 10, 2002; Page A04 As the White House moves to finalize a national plan to better secure cyberspace, high-tech firms and other companies are continuing a furious campaign to have some recommendations struck from the document. The administration no longer plans to recommend that Internet service providers such as America Online, MSN and EarthLink bundle firewall and other security technology with their software. Instead, it will ask ISPs to "make it easier" for home users to get access to such protections. It also does not plan to recommend that a privacy czar be appointed to oversee how companies make use of their customers' personal information, according to several people involved in drafting the document. A government official said the changes were made in hopes the plan would be adopted voluntarily by industry and not necessitate another layer of government regulation. Several companies have argued that if the government tells people what to buy and dictates how they should run their businesses, innovation will be squelched. But others said private industry was more concerned about the costs involved in carrying out the recommendations. Businesses also worry about taking on new legal liability. "I've been really shocked at how companies have been acting in their own interest rather than in the national interest," said Allan Paller, director of the SANS Institute, a computer-security think tank and education center. Harris Miller, president of the Information Technology Association of America, which represents 500 companies, said the private sector is in no way trying to dilute the plan. It was the industry, in fact, that first suggested a plan be developed, he said. "The idea that industry is somehow a reluctant partner is inaccurate," Miller said. At about 150 pages, the National Strategy to Secure Cyberspace, which is scheduled to be released Sept. 18, remains a weighty document outlining about 80 new obligations for the government, companies, universities and even home computer users. The most extensive recommendations are for the government. The plan would restrict federal workers from using certain wireless technologies and mandate that agencies only purchase software that has been certified to be secure. One of the top priorities, according to one draft, is for the government and the private sector is to make sure computers that control major systems such as subways, nuclear reactors and dams are secure. Also under consideration are recommendations calling for the establishment of a center that would study computer viruses, worms and other security threats; an accreditation board that would certify security personnel; and a private-public program that would help pay for security enhancements for critical parts of the Internet, including the routers that direct traffic, as well as operating systems such as Windows, Linux and the Mac OS. Some drafts also outline plans for the collection and analysis of network data that pass through universities -- places often used as jumping-off points for cyber-attacks. The draft also includes a plan to educate home users on how to secure their computers. The national strategy is being compiled and analyzed by Richard A. Clarke, director of the Office of Cyberspace Security, with input from a cross section of industry representatives, computer science experts and others. It is scheduled to be delivered to President Bush for his signature in the next week. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Sep 11 2002 - 04:38:22 PDT