http://www.siliconvalley.com/mld/siliconvalley/4083736.htm By Mary Anne Ostrom and Elise Ackerman Mercury News Sept. 15, 2002 Using Silicon Valley as the backdrop, the White House this week will unveil its most comprehensive plan yet to protect the nation's computer users from cyberattacks. Industry officials who have seen drafts of the plan and White House briefing documents describe a strategy that will rely heavily on voluntary efforts of home computer users and employers and sets new security standards for government agencies, which have been roundly criticized for ignoring computer security. The new blueprint for computer security will be presented Wednesday at Stanford University by Richard Clarke, the Bush administration's top cybersecurity officer, and FBI Director Robert Mueller, among others. The wide-ranging report, months in the works, comes exactly one week after the first anniversary of the Sept. 11 attacks. It calls on ``all Americans to secure their portions of cyberspace.'' The effort to raise awareness of online security is praised by high-tech companies, many of which sell computer security products, but questioned by some independent security experts who say they are unconvinced the industry-influenced strategy will significantly shore up the nation's computer networks. That's partly because the White House plan seeks to shift responsibility for protecting cyberspace to ordinary people and away from mandates that require industry to take action, say skeptics. More than a dozen valley companies have weighed in with suggestions to the White House, including Cisco Systems, Sun Microsystems, Oracle, Network Associates, VeriSign and Symantec. TechNet, the bipartisan tech lobby group, is hosting a valley reception Tuesday night for Clarke. The plan, in the words of one business participant, was ``heavily vetted'' by the various industries and government sectors affected, and contains virtually no proposals for new laws among its 86 recommendations and 24 strategic goals. Proposals Among the report's themes: * Encourage home users and small businesses to install and maintain anti-virus protections, with some help from their Internet service providers. * Establish more secure standards for government-purchased software and products and call on industry to include them in products they sell to corporate America. * Boost security research and training of technologists, including creating a national center to detect and counter threats. Some earlier controversial proposals may not make it into the report following industry opposition. These include naming a federal privacy czar to rule on sharing of customer data among businesses and recommending that major cable and DSL companies bundle firewalls or other protections with their service. ``In almost every area where it looked like they were going to mandate things, they dropped back to saying they were going to encourage them,'' said John Pescatore, research director for Internet security at Gartner. Clarke and other government officials would not comment last week in advance of the release of the ``National Strategy to Secure Cyberspace.'' But background documents provided by the White House call the strategy ``a national partnership between private sectors, government and individuals to vigorously secure, maintain and update the security of cyberspace.'' In most cases, the report does not say who will pay for the cost of heightened computer security when America's businesses are cutting back on overall information technology spending and consumer adoption of broadband is cost-sensitive. The federal government's own computer security budget has been increased 65 percent, to $4.5 billion, in the fiscal year that begins in two weeks. `Not the holy grail' But new subsidies, such as tax incentives sought by some tech companies to boost security spending, likely will not be included. ``This is not the holy grail,'' said Stratton Sclavos, chairman and CEO of VeriSign, which sells Internet security products. But, he added, the report should jumpstart at least some government spending. ``Our expectation is no windfall, but it will increase our public sector business over the next three to five years a couple of percentage points a quarter or a year,'' he said. With the government encouraging ordinary computer users to buy anti-virus and firewall products from companies like Symantec and Network Associates, the plan could lead to a significant increase in their sales, some analysts predicted. Both companies are releasing new versions of Internet security products to coincide with the White House report. Security expert Richard M. Smith said the plan's emphasis on action by home users and small business owners appeared to let the makers of security programs off the hook. ``Vendors need to take more responsibility for this problem,'' Smith said. ``They have to ship products that are more secure.'' Computer attack Clarke, whom Bush named as his cybersecurity adviser late last year, has repeatedly warned of a ``digital Pearl Harbor,'' and last month said the government is now as worried about an attack on vital computer networks from a hostile nation as from a terrorist group, citing several suspicious breaches in federal networks. However, Clarke, who reports to Homeland Security Director Tom Ridge and National Security Adviser Condoleezza Rice, has also emphasized that any national strategy would not rely on new regulations. While heavily involved in its development, industry leaders say they did not write the report and pointed out that product upgrades and redesigns the government is encouraging will mean higher costs for business, even if they generate more sales. ``It's not all motherhood and apple pie and so bland and non-specific that everyone can say `Amen,' '' said Harris Miller, president of the Information Technology Association of America. He defended industry's position that it should not be responsible for consumers installing anti-virus programs and firewalls. ``The guys who sell you the car isn't going to come around and strap you in with your seat belt every time.'' -------------------------------------------------------------------- Contact Mary Anne Ostrom at mostromat_private or (408) 920-5574. Contact Elise Ackerman at eackermanat_private or (408) 271-3774. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Sep 17 2002 - 08:45:00 PDT