MENLO PARK, CALIF. (05/12/2000) - Senator Fred Thompson (Republican-Tennessee) last week brought his crusade here for legislation that would require the government to review its security practices annually.
Thompson discussed his bill in an address at the Internet Defense Summit, a gathering of some 100 corporate security managers who met with politicians and law enforcement representatives to refine strategies for fighting computer crime.
Attendee Gary White, a security research manager at London-based BP Amoco PLC, said he was pleased to see the large turnout and the presence of government officials at the summit. "It is an indication that IT security is being recognized at high levels in corporations," White said.
Thompson's proposed Government Information Security Act was approved last week by the Senate Government Affairs Committee, of which Thompson is chairman.
Nonetheless, the senator cautioned that the federal government doesn't have the resources to prosecute security suspects. Thompson also said Congress shouldn't pass legislation that forces companies to cooperate with investigations.
"We don't know yet how to run our own shop," Thompson said, adding that companies have to create their own security defense plans. He said the government could assist by providing grants for security research, giving tax breaks to firms that develop security tools, enforcing current laws and increasing the number of visas for high-tech workers, thereby helping to ease the chronic shortage of people trained in security practices.
A few participants called on software firms to make their applications more secure. One suggestion was that default settings in software should automatically be at the highest level of security available.
"You wouldn't build a swimming pool in the center of town and not put a fence around it, and I think that's what the software companies are doing," said Glenn Tenney, a director at Pilot Network Services Inc. in Alameda, California, during a luncheon that was open to reporters.
Most of the summit took place behind closed doors, in what summit organizers said was an effort to encourage candid discussions about security problems and how attendees have learned to cope.
At the luncheon, Selwyn Gerber, a managing partner at Los Angeles-based offshore investment firm PrimeGlobal LLC, said his company considers the Internet so insecure that it won't use it to transmit sensitive customer data.
"We're back to using faxes, and we find that much more secure," Gerber said.
"We [also] use [Federal Express Corp.]. In fact, if there were ponies still traveling across Europe, we'd probably use those, too."
James Niccolai of the IDG News Service contributed to this story.