SAN MATEO (06/05/2000) - Still bruised from bearing a myriad of cyberattacks during the last six months, U.S. companies will soon be able to access an ISAC (information sharing and analysis center) built to anonymously receive, define, and alert its members of any security issues that cross its path.
Spearheaded by the Information Technology Association of America (ITAA), the new center, expected to debut in late July, will provide a venue for companies to deliver and access up-to-date information regarding security threats, attacks, services, software, and system vulnerabilities, said Harris Miller, president of the ITAA, in Arlington, Va.
Companies such as AT&T and Electronic Data Systems have already signed up for the initiative.
Miller said the intention of the center is not to duplicate existing security organizations such as CERT or the SANs Institute but to create an atmosphere for companies to disseminate information without fear of it being leaked to the public or press.
"If you don't have trust, the information is not going to be passed between parties," Miller said.
Dan Hawkins, a system engineer at Boise, Idaho-based grocer Albertson's, said he would like to reside in the "security loop" of the center's contribution base stocked with information by security experts far better informed than him.
"I'm not a programmer; I've always been a systems engineer. I'll always err to the side of caution in security because I don't have that background," Hawkins said.
However, there are a few stumbling blocks surrounding the center, including where to locate the site, whether or not nonmembers should receive information, how the material will be accessed, and how to safeguard proprietary information it may receive. The federal government may play a role in that issue because the public is granted such powers under the Freedom of Information Act.
The center will be staffed with IT security experts, with companies each having one "point-of-contact" representative for the security ISAC.