Cybersecurity debate hits the road

* Boston hosts discussion of US national plan encouraging all Net users to do their part

Daily Times Report

BOSTON: The Bush administration’s cybersecurity road show came to town last night as Richard Clarke, special adviser to the president for cyberspace security, fielded questions on the administration’s draft National Plan to Secure Cyberspace during a town hall-style meeting at the Massachusetts Institute of Technology, according to the PC World.

The magazine says that meeting was one of a series the White House has planned across the country to solicit local feedback on the administration’s cybersecurity plan. The draft was released in September.

The tech-savvy audience generated a lively question-and-answer session after introductory remarks by Clarke and other speakers. The audience was a mixture of MIT faculty and students, security analysts, corporate technology personnel, and representatives of prominent security vendors. They called on Clarke to comment about a range of topics, from security tax credits to Microsoft to the need for comprehensive legislation that would secure cyberspace.

Security advisory only: In a short presentation to begin the meeting, Clarke recapped the administration’s draft plan to protect the nation’s IT infrastructure, which encourages individuals and businesses to secure “their part” of cyberspace.

For individuals, Clarke zeroed in on the need to protect personal and financial information by securing home PCs and home networks, using firewalls and antivirus software. For companies, Clarke underscored the need to secure networks not just to protect corporate assets but to better serve their customers and encourage faith in the reliability of online commerce.

The magazine adds that according to Clarke, the US government should encourage a focus on security by promoting the notion of the distributed nature of security. Public information campaigns could be used to prompt enterprises and individuals to invest in security software and hardware, according to Clarke.

At MIT, Clarke was joined on stage by others in the tech field. They included Jeffrey Schiller, director of the Internet Engineering Task Force; John Grossman, chief of the corruption, fraud, and computer crime division of the Massachusetts attorney general’s office; and Gary Beach, group publisher for CXO Media, a sibling company to PC World.

Avoiding regulation: On the subject of government regulation, Clarke stood by the government’s right to regulate the information technology industry but said the Bush administration believes regulation is not the appropriate means to achieve information technology security.

“There is regulation out there,” said Clarke, pointing to recent laws passed to force the implementation of security measures in the banking and health care industries.

“The question is: ‘Is regulation the way we want to approach the larger issue of IT security in industries where security-related regulation has not been happening?’ We’re reluctant to expand [regulation] into areas where there has not been regulation in the past regarding security,” Clarke said.

Instead, he proposed the U.S. federal government use its massive procurement power and annual $52 billion IT budget to stimulate market forces.

“If we start using our procurement power to enforce standards, that’s not regulation. It may have a beneficial effect on the quality of hardware and software,” Clarke said.

More than a few members of this technology-savvy audience seemed to agree. “You can enforce security standards when you have them to enforce.

Right now, I would claim that Internet technology and Internet security technology is sufficiently immature that we don’t understand what it is to secure things in a generic way,” said the IETF’s Schiller.

Microsoft’s role: On the subject of Microsoft, Clarke said that the government had a “frank and friendly dialogue” with the Redmond, Washington, software maker; he stated his belief that the company had made significant strides with its security initiative, which it calls “trustworthy computing.” But Clarke left the door open for further government involvement in making sure that the company’s products were secure. “Microsoft has made a commitment that I would like to see the federal government hold them to, that future products will have a significantly higher level of security,” said Clarke.

Home | Infotech