Government woos private sector for cybersecurity

The White House has released a plan for improving the nation's cybersecurity that relies heavily on the cooperation of the private sector - which controls some 95 per cent of the nation's critical infrastructure and is a potential target of terrorist or hostile states.

"We have to have a partnership with the private sector to address these problems - this is not a matter where the federal government can simply step in and solve these problems," said US Department of Commerce undersecretary William Reinsch.

Some private computer networks are "are being surveyed, penetrated, and in some cases made the subject of vandalism, theft, espionage, and disruption," the report says.

But while federal officials are stressing the need for private sector cooperation, the plan doesn't detail just what companies should be doing to secure and defend their networks. Instead, the government has been trying to create a framework for working with the private sector well before the release of the plan today.

US Commerce Department officials recently met in New York with representatives of more than 70 companies to establish the groundwork for ongoing cooperation on computer security issues, such as sharing of electronic-attack information and best practices.

Federal officials also said there is no intent to force companies through regulation to improve security.

The presidential directive is "don't do regulation - those are our orders. It's not on the table," said Richard A Clarke, the National Coordinator for Security, Infrastructure Protection and Counter Terrorism, at a briefing today.

The plan calls for the creation of a centralized intrusion detection network for federal agencies, along with increases in federal spending on research and development and training.

President Clinton will seek $US2.03 billion next year for computer security and critical infrastructure programs, an approximately 17 per cent increase over this fiscal year's budget of $1.75 billion.

The plan would create an "Institute for Information Infrastructure Protection" to identify and fund information security-related research to "patch some of the gaps that currently occur in market-driven research in computer security," said Clarke.

It will also fund scholarship programs to encourage people to pursue college training in technology and information security in exchange for a commitment to work with the federal government.

The plan would also create a massive intrusion-detection system for rooting out cybercrime. Privacy groups have raised concerns about whether this intrusion-detection system would infringe on privacy.

Clarke said federal officials want privacy groups to be part of the design process "so they can satisfy themselves that there is no threat to privacy. The concept here is that we enhance privacy by putting alarm systems on files in cyberspace."

Join the newsletter!

Or
Error: Please check your email address.
Show Comments