Info sharing crucial to security, EDS exec says

[InfoSec News <isn () C4I ORG>]

http://www.infoworld.com/articles/hn/xml/00/10/16/001016hneds.xml

[Heads Up: EDS is the party that will be bringing on the new
state-of-the-art $7 billion Navy/Marine Corps Intranet contract -WK]

Monday, Oct. 16, 2000 2:19 pm PT
By Margret Johnston

WASHINGTON -- BUSINESSES have the primary responsibility for ensuring
security on the Internet, said Electronic Data Systems (EDS) chairman
and chief executive officer Dick Brown on Monday, but there also must
be a high level of cooperation between businesses and governments
worldwide to enhance security.

Brown said there is a striking diversity of cyber crimes being
committed, from hacker attacks and break-ins to viruses, and from
piracy to denial-of-service attacks. Preventing these crimes is
critical to the health of the digital economy because information must
be protected or no one will trade it, said Brown in a keynote speech
to the Information Technology Association of America's (ITAA)
inaugural global information cyber security conference.

"One of the things we all know as policymakers and business executives
is that we cannot afford for the digitial economy -- the Internet and
all the 'e' connections beyond it -- to remain as vulnerable as it is
today," Brown said. "We know this dynamic medium is of considerably
less value if it is not secure, reliable, and always available."

Businesses in all industry sectors should establish mechanisms for
information sharing in the event of an attack. Information Sharing and
Analysis Centers (ISACs) that have been established in the U.S. are a
good example, and Brown encouraged participation in them, but said it
should be voluntary, and the centers should be led by industry.

Brown also said governments should assess how and to what extent
information about a threat can be shared with industry, while at the
same time avoiding increasing regulations. In addition, he said
businesses and governments must step up to the challenge together and
invest in planning and information assurance services. Governments
worldwide should clarify criminal laws that pertain to cyber crime and
include industry in international agreements to fight cyber crime, he
said. He also stressed coordination so the investigative demands of
law enforcement in one country do not violate the laws of another
country.

Another critical concern of industry is the short supply of
experienced security professionals. Plano, Texas-based EDS is
addressing the issue internally through its Cyber Security Institute,
which trains new and current EDS employees who have transferred to the
company's security services group, Brown said. He added that the
institute soon will be open to people from outside EDS. On the margins
of the two-day conference the ITAA released the results of a poll on
Americans' concerns about the security of government computers.
According to the results of the poll, Americans are concerned about
the privacy of the personal data they share with the government and
about the government's overall ability to maintain computer security.

The poll showed that 63 percent of the 1,000 people polled by
telephone between Sept. 30 and Oct. 3 said they were less likely to
provide personal data to the government because of their security
concerns. The poll also showed that twice as many people trust
business more than government to do a better job of protecting data.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".