Information Security News mailing list archives

IT Resists Mandatory Cyber-Security


From: InfoSec News <isn () c4i org>
Date: Thu, 9 Jan 2003 03:45:28 -0600 (CST)

http://www.eweek.com/article2/0,3959,813715,00.asp

By Caron Carlson
January 8, 2003 

As the Bush Administration prepares to release the National Strategy
to Secure Cyberspace, the IT industry continues to resist efforts to
include technology mandates or regulations. Not all members of the
nation's critical infrastructure sectors are equally resistant to the
federal government dictating standards, however.

This afternoon, the President's advisor on cyberspace, Richard Clarke,
heard from top-level IT industry executives, who emphasized that the
government should promote security through its purchasing power rather
than through mandates. Thirty chief executives from all critical
infrastructure sectors make up the National Infrastructure Advisory
Council, which is providing suggestions on the strategy.

"When it's all said and done, the government has a huge, huge lever in
its purchasing power," John Thompson, chairman and CEO of Symantec
Corp., said in a teleconference with the advisory group today. "We
should encourage the government to settle on a set of standards for
their own use, but not dictate a set of standards."

Other industries, such as banking, have benefited from regulation, and
some members of the advisory group want to ensure that the strategy
does not preclude further beneficial mandates in those sectors. George
Martinez, chairman of Sterling Bank and Sterling Bancshares Inc., said
that banking regulations have spurred necessary investments and that
they could be expanded to include security.

Law enforcement also has been a proponent of a more stringent federal
approach to security. During today's teleconference, Gilbert Gallegos,
chief of police in Albuquerque, N.M., said that mandatory security
testing could help determine whether flaws exist in products before
problems arise.

Long accustomed to little oversight from Washington, the IT sector is
eager to ensure that it does not fall under a regime similar to
banking or other highly regulated industries, however.

John Chambers, president and CEO of Cisco Systems Inc., said that
regulations such as mandatory testing retard IT innovation and that
the strategy should not recommend mandatory testing.

Information-sharing is another major focus of the cyber-strategy, and
IT companies are also leery of government-mandated standards with
regard to system interoperability.

Margaret Grayson, president and CEO of V-ONE Corp., suggested that
the information-sharing provisions of the strategy should be
strengthened with interoperability requirements, but that idea was
rejected.

Chambers, who serves as vice chairman of the NIAC, said that to
encourage open standards is the right message, but that forced
interoperability among a large number of companies is practically
unenforceable and an impossible burden on small companies.



-
ISN is currently hosted by Attrition.org
