http://www.siliconvalley.com/mld/siliconvalley/7402121.htm By Elise Ackerman Mercury News Dec. 03, 2003 As George Bush makes national security the watchword of his presidency, some Silicon Valley leaders worry cybersecurity seems to have slipped off the administration's radar screen. Implementation of a highly touted ``national strategy to secure cyberspace'' has been delayed almost a year. Billions of dollars intended for cybersecurity programs -- to protect everything from federal networks to home computer users from everyone from adolescent hackers to cyberterrorists -- have not been spent. Two presidential advisers for cybersecurity have left the government, one after only two months. Today, a group of lobbyists, business leaders, elected representatives and security experts hope to refocus the administration's attention on the risks of vulnerable computer systems at a ``National Cyber Security Summit'' in Silicon Valley. Among those expected to be listening at the Santa Clara Marriott are Homeland Security chief Tom Ridge and Robert Liscouski, the Department of Homeland Security's assistant secretary of infrastructure protection. ``I think everyone is frustrated by the lack of forward movement,'' said 3Com Chairman Eric Benhamou, who headed one of five industry-sponsored task forces that will present a series of recommendations at the summit for putting federal policy into practice. ``Our goal has been to really encourage the senior people in the department to make sure a high priority is given to this aspect of security,'' said Rick White, president and CEO of TechNet, a technology lobbying group that is one of four industry sponsors which are paying for the summit. ``The threat is really very easy to understand,'' former cybersecurity czar Richard Clarke told Congress last spring. ``If there are major vulnerabilities in the digital networks that make our country run, then someday, somebody will exploit them in a major way, doing very great damage to the economy.'' Computer-powered systems managing transportation, electric power, gas, manufacturing -- even 911 calls -- could fail, Clarke said. Presidential agenda Past efforts by the tech industry to place cybersecurity on the presidential agenda have been successful. In 1998 then-President Clinton launched a federal initiative to secure cyberspace, appointing Clarke as national coordinator for security, critical infrastructure and counterterrorism. In 2001, the Bush administration followed up, establishing a high-level executive board to coordinate the federal efforts started by Clinton. Last year, Clarke, who had been named a special adviser to the president for cybersecurity, began aggressively promoting a new White House blueprint for dealing with electronic threats known as the ``National Strategy to Secure Cyberspace.'' But the strategy was substantially weakened while being readied for President Bush's signature. Two weeks before the administration adopted it, Clarke resigned. Howard Schmidt, former security strategist at Microsoft, stepped briefly into the post before resigning two months later to become eBay's security chief. After his departure, the responsibilities of the cybersecurity czar were transferred to a newly created National Cyber Security Division of the Department of Homeland Security. Momentum stalled while the department struggled to fill hundreds of jobs. The division's new chief, Amit Yoran, a former executive with Symantec, did not assume his post until mid-September. ``We lost some time,'' said Greg Garcia, a vice president of policy at the Information Technology Association of America, a lobbying group and summit sponsor. The other industry sponsors are the Business Software Alliance and the U.S. Chamber of Commerce. Five areas of attention Garcia said the task forces are concentrating on five areas: raising the awareness of individual computer users about the need to protect their machines and update their software programs; creating a national cybersecurity response system; establishing best cybersecurity practices within companies and corporations; establishing best practices with regards to technical standards; and reducing computer vulnerabilities. Though lobbying groups are underwriting the summit, Garcia said the gathering was not a form of lobbying per se because the business community is not asking for anything except implementation of government policy. In fact, one expert says the sponsors have aggressively sought to shape cybersecurity policy, fighting off regulations that would have required companies to disclose security vulnerabilities and their level of cyber preparedness. ``The most powerful lobbying in the world is deflection,'' said Alan Paller, research director at the SANS Institute in Maryland, which focuses on cybersecurity training. But Paller said the summit still could be useful if it raised the profile of cybersecurity. ``The federal government has to lead by example,'' he said, noting that one of the biggest improvements in cybersecurity has happened in an area that was excluded from the national strategy. For instance, procurement officers at federal agencies have begun requiring suppliers to deliver products that meet security benchmarks established by the Center for Internet Security in Hershey, Pa. Karen Evans, who as the Department of Energy's chief information officer helped negotiate such an agreement with Oracle, now oversees technology purchasing for the entire federal government at the Office of Management and Budget. Yoran praised Evans' approach. ``Industry's voice is one we listen to and take into account,'' he said. ``But it is clearly not the only voice. We are concerned with what is in the public interest.'' Yoran said today's summit will facilitate dialogue not only between industry and government, but between users of security technology and academic experts as well. The summit is a ``call to action,'' he said, and a way of letting the public know ``we are now in operations mode.'' ---------------------------------------------------------------------- Contact Elise Ackerman at eackerman@private or (408) 271-3774. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Dec 04 2003 - 05:55:19 PST