[ISN] IT Resists Mandatory Cyber-Security

From: InfoSec News (isnat_private)
Date: Thu Jan 09 2003 - 01:45:28 PST


    http://www.eweek.com/article2/0,3959,813715,00.asp
    
    By Caron Carlson
    January 8, 2003 
    
    As the Bush Administration prepares to release the National Strategy
    to Secure Cyberspace, the IT industry continues to resist efforts to
    include technology mandates or regulations. Not all members of the
    nation's critical infrastructure sectors are equally resistant to the
    federal government dictating standards, however.
    
    This afternoon, the President's advisor on cyberspace, Richard Clarke,
    heard from top-level IT industry executives, who emphasized that the
    government should promote security through its purchasing power rather
    than through mandates. Thirty chief executives from all critical
    infrastructure sectors make up the National Infrastructure Advisory
    Council, which is providing suggestions on the strategy.
    
    "When it's all said and done, the government has a huge, huge lever in
    its purchasing power," John Thompson, chairman and CEO of Symantec
    Corp., said in a teleconference with the advisory group today. "We
    should encourage the government to settle on a set of standards for
    their own use, but not dictate a set of standards."
    
    Other industries, such as banking, have benefited from regulation, and
    some members of the advisory group want to ensure that the strategy
    does not preclude further beneficial mandates in those sectors. George
    Martinez, chairman of Sterling Bank and Sterling Bancshares Inc., said
    that banking regulations have spurred necessary investments and that
    they could be expanded to include security.
    
    Law enforcement also has been a proponent of a more stringent federal
    approach to security. During today's teleconference, Gilbert Gallegos,
    chief of police in Albuquerque, N.M., said that mandatory security
    testing could help determine whether flaws exist in products before
    problems arise.
    
    Long accustomed to little oversight from Washington, the IT sector is
    eager to ensure that it does not fall under a regime similar to
    banking or other highly regulated industries, however.
    
    John Chambers, president and CEO of Cisco Systems Inc., said that
    regulations such as mandatory testing retard IT innovation and that
    the strategy should not recommend mandatory testing.
    
    Information-sharing is another major focus of the cyber-strategy, and
    IT companies are also leery of government-mandated standards with
    regard to system interoperability.
    
    Margaret Grayson, president and CEO of V-ONE Corp., suggested that
    the information-sharing provisions of the strategy should be
    strengthened with interoperability requirements, but that idea was
    rejected.
    
    Chambers, who serves as vice chairman of the NIAC, said that to
    encourage open standards is the right message, but that forced
    interoperability among a large number of companies is practically
    unenforceable and an impossible burden on small companies.
    
    
    
    


