White House offers Net-security plan

Recommendations, not new regulations

September 19, 2002|By COX NEWS SERVICE

PALO ALTO, Calif. - The Bush administration formally introduced the first national strategy for Internet security yesterday, calling for businesses, consumers and government agencies to voluntarily step up their computer security efforts.

Unlike other government initiatives that followed the Sept. 11 terrorist attacks of last year, the cybersecurity plan stops short of mandating new regulations - a testament to the fact that control of the Internet is essentially out of the federal government's hands.

Among the recommendations of the new National Strategy to Secure Cyberspace:

Corporate CEOs should consider forming companywide councils to develop policies to keep hackers and terrorist groups from tapping into sources of sensitive information such as bank accounts.

Internet companies should consider adopting "codes of good conduct" governing cybersecurity practices.

Home Internet users should regularly download and use anti-virus software and Internet "firewalls."

State and local governments should consider forming regional and nationwide groups to work on Internet security.

Reflecting the technology industry's wariness about government controls, even these suggested remedies are open for public comment over the next 60 days before any specific recommendations are sent to the president.

"The reason for this unique participation process is that we strongly believe this has to be a strategy not imposed by federal government, but one designed by the American people," said Richard Clarke, chairman of the White House's Critical Infrastructure Protection Board.

In part, Clarke doesn't have a choice.

About 85 percent of the infrastructure of the Internet is controlled by private industry. The government has no clear system, and little authority, to regulate the far-reaching and ever-evolving Internet.

For that reason, the new national security plan relies heavily on the creation of new "public-private partnerships" between business and government leaders. Dozens of industry leaders, representing everything from the railroad business to banks and water suppliers, lined up to pledge their support for the program at an event announcing the plan in the heart of Silicon Valley.

While the methods to make the Internet more secure are still being developed, the need to do so is clear.

Clarke said federal authorities have confirmed that the al-Qaida terrorist network downloaded cyberattack tools prior to last Sept. 11. Other terrorist groups, he said, are "clearly doing some reconnaissance on the Internet. Just as troublesome, Clarke said, is the growing number of hacker attacks that have slowed the Internet at times. Last year, such attacks cost the government and private companies somewhere between $13 billion and $17 billion, he said.

Those involved with the 10-month process of drafting the proposed policies defended them as merely a long overdue first step.

"Quite frankly, as we rampantly built out the Internet with no regard for security or privacy or the cost associated with them ... essential pieces were overlooked," said Thomas Noonan, chairman of Atlanta-based computer security company Internet Security Systems Inc. and a member of a presidential panel behind some of the recommendations.

"They were overlooked by government, they were overlooked by the private sector and now we're coming back and paying the price for that," Noonan said.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.