Weekly interest and loan rates | Northwest stock contest 2003 Tax tips | Consumer affairs | Home values

Homeland Security chief warns tech firms to cooperate on cybercrime

By Rachel Konrad
The Associated Press

	PAUL SAKUMA / AP Homeland Security Secretary Tom Ridge speaks yesterday at the first National Cyber Security Summit in Santa Clara, Calif.
	E-mail this article Print this article Search archive

"The enemies of freedom use the same techniques as hackers do," Ridge said to 350 industry executives gathered for the first National Cyber Security Summit. "We must be as diligent and determined as the hackers."

The two-day conference, sponsored by the Department of Homeland Security and more than a dozen tech companies and trade groups, was the first formal brainstorming session to draft security guidelines and cyberattack-warning systems.

Ridge said the department intends to educate security managers in industries from banking to transportation, as well as at least 50 million Americans with home computers, about the potential dangers.

The conference comes amid debate about the best way to protect the nation's vast computer network against attacks that range from time-wasting and costly worms and viruses to terrorists who might break into government servers in search of sensitive data about nuclear programs or the president's travel schedule.

Silicon Valley, which generally takes a hands-off approach to regulation, is opposed to formal policies and guidelines.

The Business Software Alliance trade group introduced a survey yesterday claiming that at least 78 percent of information-security managers believe their organizations are already able to defend themselves against a "major cyberattack."

The organization also released a detailed checklist for companies to ensure that their computer and telecommunication equipment was adequately prepared for what one government official called a "cyber 9-11."

The Bush administration has generally been receptive to Silicon Valley's lobbying efforts. But Bob Liscouski, assistant secretary for infrastructure protection — a new agency within the Department of Homeland Security — said the government reserves the right to wield the stick rather than dangle the carrot when it comes to cybersecurity.

"We need demonstrable results so we can say the private sector is taking the problem seriously," Liscouski said. "If we can't say that, I can tell you there are a lot of people who will legislate to tell you what to do."

Given the daunting potential scope of cyberterrorism, even some technology-industry leaders say that government regulations might make sense. Although suggested guidelines and recommendations are steps in the right direction, an attack could come if a single laptop containing sensitive data were lost or stolen from a national weapons laboratory.

"Everyone in business says they want to or should be secure, but that's like everyone saying they want to or should be thin," said Ira Winkler, chief security strategist for Hewlett-Packard.

"If recommendations are not mandatory, companies will say they don't have the $10 million to invest in security, especially in this economy," Winkler said. "But if you can tell shareholders that the expenditures are mandatory, the shareholders will understand."

Executives at the conference met yesterday in working groups to advise the Homeland Security Department on subjects that include how to set up early-warning networks and encourage companies to design better software. One early idea under consideration: professional licenses for software writers, similar to those for doctors and engineers.

The executives said they hope they'll be able to share ideas with government officials in more formal meetings, including quarterly conferences and an annual summit.

Copyright © 2003 The Seattle Times Company