Government Information Security Act may be voted on later this yeargreenspun.com : LUSENET : TB2K spinoff uncensored : One Thread
Internet Defense Summit tackles information security
Updated 3:23 PM ET May 9, 2000
by Anne Knowles, eWEEK
MENLO PARK, Calif. -- In the area of Internet security, the U.S. government needs to set an example for corporations and consumers rather than try to legislate how businesses and citizens should protect themselves.
That's according to Sen. Fred Thompson (R-Tenn.), chairman of the Senate Governmental Affairs Committee and co-sponsor of the Government Information Security Act, who spoke here today at the Internet Defense Summit.
"The federal government should get its own house in order and be a role model," said Thompson. "The government has not demonstrated an ability or willingness to protect itself."
That is the goal of the Government Information Security Act, a bill sponsored by Thompson and Sen. Joseph Lieberman (D-Conn.) and approved by the Committee in March. Thompson said he hopes to see the bill passed by the end of year, after it is consolidated with several similar House-sponsored proposals.
The Act calls for the federal government to follow a set of management requirements derived from the Government Accounting Office's best practices audit work on information security. It also gives oversight for national security systems to the Secretary of Defense and the Director of the Central Intelligence Agency.
Those kind of rules, however, should not be extended by the government to businesses, which according to Thompson already know how to protect themselves.
"The government is not prepared to and should not propose requirements in industry," said Thompson. As the recent "Love Bug" virus demonstrated, he said, "Industry does not need the government to explain what happened."
But the virus, which brought many corporate networks to their knees, also showed that even the most technology-savvy companies aren't taking the necessary precautions to protect themselves.
How Washington can help
Thompson said the federal government can encourage businesses in indirect ways without mandating security requirements. For example, the government should raise the visa limit so qualified IT workers can work in the U.S, he said, as well as pass a permanent research and development tax credit. The government should also act as a clearinghouse for ideas.
"One thing the federal government does best is research and development," Thompson said.
The public and private sectors should continue to work together to find a way to combat what Thompson said is one of the biggest threats to governments. "This may be one of those rare occasions when the mutual interests of the government and business are clear," he said.
The one-day summit at which Thompson spoke was sponsored by Stanford Research Institute International, Atomic Tangerine (a venture arm of SRI) and ForbesASAP. Participants at the closed summit included executives and security experts from such corporations as AT&T Wireless, Oracle Corp., BP Amoco, Edison Electric Institute, Motorola Corp. and Hewlett Packard Co. In addition to Thompson, Ray Kendall, secretary general of Interpol, spoke via satellite from Brussels.
Atomic Tangerine also announced its first spin-off, called SecurityPortal. The startup, launched today and available at SecurityPortal.com, is a security information center and consultancy.
SRI announced the availability of Emerald (Event Monitoring Enabling Responses to Anomalous Live Disturbances), detection and surveillance software that currently runs on Solaris servers.
The suite was developed by DARPA (the Defense Advanced Research Projects Agency) and is available for free download at www.sdl.sri.com/emerald/releases.
-- (firstname.lastname@example.org), May 10, 2000