[ISN] White House to unveil initiative for protection against cyberattacks

From: InfoSec News (isnat_private)
Date: Tue Sep 17 2002 - 05:54:48 PDT

  • Next message: InfoSec News: "[ISN] New threats from instigators and hackers"

    By Mary Anne Ostrom and Elise Ackerman
    Mercury News
    Sept. 15, 2002
    Using Silicon Valley as the backdrop, the White House this week will
    unveil its most comprehensive plan yet to protect the nation's
    computer users from cyberattacks.
    Industry officials who have seen drafts of the plan and White House
    briefing documents describe a strategy that will rely heavily on
    voluntary efforts of home computer users and employers and sets new
    security standards for government agencies, which have been roundly
    criticized for ignoring computer security.
    The new blueprint for computer security will be presented Wednesday at
    Stanford University by Richard Clarke, the Bush administration's top
    cybersecurity officer, and FBI Director Robert Mueller, among others.
    The wide-ranging report, months in the works, comes exactly one week
    after the first anniversary of the Sept. 11 attacks. It calls on ``all
    Americans to secure their portions of cyberspace.''
    The effort to raise awareness of online security is praised by
    high-tech companies, many of which sell computer security products,
    but questioned by some independent security experts who say they are
    unconvinced the industry-influenced strategy will significantly shore
    up the nation's computer networks. That's partly because the White
    House plan seeks to shift responsibility for protecting cyberspace to
    ordinary people and away from mandates that require industry to take
    action, say skeptics.
    More than a dozen valley companies have weighed in with suggestions to
    the White House, including Cisco Systems, Sun Microsystems, Oracle,
    Network Associates, VeriSign and Symantec. TechNet, the bipartisan
    tech lobby group, is hosting a valley reception Tuesday night for
    The plan, in the words of one business participant, was ``heavily
    vetted'' by the various industries and government sectors affected,
    and contains virtually no proposals for new laws among its 86
    recommendations and 24 strategic goals.
    Among the report's themes:
    * Encourage home users and small businesses to install and maintain
      anti-virus protections, with some help from their Internet service
    * Establish more secure standards for government-purchased software
      and products and call on industry to include them in products they
      sell to corporate America.
    * Boost security research and training of technologists, including
      creating a national center to detect and counter threats.
    Some earlier controversial proposals may not make it into the report
    following industry opposition. These include naming a federal privacy
    czar to rule on sharing of customer data among businesses and
    recommending that major cable and DSL companies bundle firewalls or
    other protections with their service.
    ``In almost every area where it looked like they were going to mandate
    things, they dropped back to saying they were going to encourage
    them,'' said John Pescatore, research director for Internet security
    at Gartner.
    Clarke and other government officials would not comment last week in
    advance of the release of the ``National Strategy to Secure
    Cyberspace.'' But background documents provided by the White House
    call the strategy ``a national partnership between private sectors,
    government and individuals to vigorously secure, maintain and update
    the security of cyberspace.''
    In most cases, the report does not say who will pay for the cost of
    heightened computer security when America's businesses are cutting
    back on overall information technology spending and consumer adoption
    of broadband is cost-sensitive. The federal government's own computer
    security budget has been increased 65 percent, to $4.5 billion, in the
    fiscal year that begins in two weeks.
    `Not the holy grail'
    But new subsidies, such as tax incentives sought by some tech
    companies to boost security spending, likely will not be included.
    ``This is not the holy grail,'' said Stratton Sclavos, chairman and
    CEO of VeriSign, which sells Internet security products. But, he
    added, the report should jumpstart at least some government spending.
    ``Our expectation is no windfall, but it will increase our public
    sector business over the next three to five years a couple of
    percentage points a quarter or a year,'' he said.
    With the government encouraging ordinary computer users to buy
    anti-virus and firewall products from companies like Symantec and
    Network Associates, the plan could lead to a significant increase in
    their sales, some analysts predicted.
    Both companies are releasing new versions of Internet security
    products to coincide with the White House report.
    Security expert Richard M. Smith said the plan's emphasis on action by
    home users and small business owners appeared to let the makers of
    security programs off the hook. ``Vendors need to take more
    responsibility for this problem,'' Smith said. ``They have to ship
    products that are more secure.''
    Computer attack
    Clarke, whom Bush named as his cybersecurity adviser late last year,
    has repeatedly warned of a ``digital Pearl Harbor,'' and last month
    said the government is now as worried about an attack on vital
    computer networks from a hostile nation as from a terrorist group,
    citing several suspicious breaches in federal networks.
    However, Clarke, who reports to Homeland Security Director Tom Ridge
    and National Security Adviser Condoleezza Rice, has also emphasized
    that any national strategy would not rely on new regulations.
    While heavily involved in its development, industry leaders say they
    did not write the report and pointed out that product upgrades and
    redesigns the government is encouraging will mean higher costs for
    business, even if they generate more sales.
    ``It's not all motherhood and apple pie and so bland and non-specific
    that everyone can say `Amen,' '' said Harris Miller, president of the
    Information Technology Association of America. He defended industry's
    position that it should not be responsible for consumers installing
    anti-virus programs and firewalls.
    ``The guys who sell you the car isn't going to come around and strap
    you in with your seat belt every time.''
    Contact Mary Anne Ostrom at mostromat_private or (408) 920-5574. 
    Contact Elise Ackerman at eackermanat_private or (408) 271-3774.  
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Sep 17 2002 - 08:45:00 PDT