Information Security News mailing list archives
White House hosts Net security summit
From: InfoSec News <isn () C4I ORG>
Date: Wed, 20 Sep 2000 03:50:31 -0500
http://www.zdnet.com/zdnn/stories/news/0,4586,2630067,00.html By Bob Sullivan, MSNBC September 19, 2000 3:03 PM PT A group of key high-tech executives agreed at a White House meeting earlier today to move forward on a plan to set minimum security standards for big companies that connect to the Internet, MSNBC.com has learned. The meeting was attended by Microsoft, IBM, Oracle, Boeing, the National Security Agency and U.S. Secretary of Commerce Norm Mineta. The meeting was seen as a first step to set universal minimum security standards for business-to-business companies, according to Alan Paller, director of the SANS Institute. In B2B commerce, companies often tightly link computer systems so, for example, a parts supplier can find out if its customers are running low on inventory and ramp up production even before an order is placed. But that means the stakes are high in B2B networks, where corporations must open at least some of their internal systems to other companies. The group's first action was to set up a committee headed by Paller and Exodus Communications (Nasdaq: EXDS) security chief Bill Hancock. That committee will review existing, smaller projects to set standards within limited networks and report back to the larger group within 30 days. Reinventing the wheel "We don't want to reinvent the wheel," Paller said. While most of the corporations present expressed little willingness to support a set of government-controlled regulations, there were general requests to clarify Internet crime jurisdictional issues. The group also acknowledged a need to include foreign governments and corporations in the work of setting minimum standards, since Internet-based attacks can come from outside the country as easily as inside U.S. borders. "There is only one network," he said. For most of the three-hour meeting, corporate executives shared war stories about computer break-ins they'd suffered, Paller said. The final hour of discussion turned to proposed solutions. One proposal for minimum standards that might serve as a model came from Visa International , Paller said. Visa already plans to impose its standards on all of its 21,000 logo merchants within 12 months, Paller said. They include: Firewall installation, operating system and application patch updates, and use of encryption for both stored and transmitted data. A center for net security? Paller also discussed a SANS-supported proposal for a permanent organization devoted to setting such standards on a broader basis. The group would include representatives from several industries and be called the "Center for Internet Security." Paller said he hopes such a group will begin work within two weeks. "What we're going for is ... if you follow these standards, we can protect everyone from a denial-of-service attack," Paller said. Tuesday's summit meeting also included representatives from the Critical Infrastructure Assurance Office, the Defense Advanced Research Projects Agency, the National Institute of Standards and Technology, and corporations like Exodus Communications, EDS and Covisint -- an online parts exchange set up by five major automakers. Reaching agreement on minimum standards is essential, Paller said, because many of the problems of computer security stem from confusion and ignorance rather than lack of effort, he said. He said during the meeting two different security firms presented data showing that nearly all break-ins are the result of simple errors like failure to install software patches. "We don't need to tell everybody who's doing security to do more," he said. "We need to bring the 99 percent of the world not doing anything and bring them up to standard." ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- White House hosts Net security summit InfoSec News (Sep 20)