Security at a standstill?
- By William Jackson
- Jul 17, 2003
'There is a sense of frustration on both sides of the aisle.' - Rep. Zoe Lofgren (D-Calif.)
Hill: Feds not doing enough to protect IT
Cybersecurity has 'taken a back seat to the physical threat, which has led to a dangerously lopsided approach to homeland security.' - Rep. Adam Putnam
An 'unacceptably slow pace' is how Rep. Adam Putnam this month described the progress of government efforts to improve cybersecurity.
The Florida Republican said his House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census will be moving some legislation this year that will focus attention on information security before major problems occur.
Putnam was among the government and software industry officials at a Capitol Hill forum this month who agreed they must improve information security but disagreed about how to do it.
The Business Software Alliance and Washington's Center for Strategic and International Studies sponsored the forum on cybersecurity in e-government services.
Industry representatives argued against government regulation.
'Avoid mandates that stifle private-sector incentives to innovate,' Business Software Alliance president Robert W. Holleyman said.
Tim Hoechst, senior vice president of technology at Oracle Corp., said the government should 'use its power as the largest purchaser on Earth.' Calling the software industry 'a simple beast,' he said it will respond to the incentive of increased sales.
Customers place no premium on secure software, said Scott Charney, Microsoft Corp.'s trustworthy computing strategist. 'People buy products not for security but for functionality,' he said.
But Putnam insisted that industry has not moved fast enough to improve software quality and shore up its own security.
'It is incumbent upon the private sector, which operates 80 percent of the nation's critical infrastructure, to get its house in order and demonstrate that regulation is not needed,' he said. 'There are a couple of areas where I think the subcommittee will be drafting bills later this year that impact the private sector.'
Putnam also criticized Congress and the administration for what he called 'a lack of attention and understanding of the serious nature of the cyberthreat.' It has 'taken a back seat to the physical threat, which has led to a dangerously lopsided approach to homeland security,' Putnam said.
Other legislators agreed that government has not done enough.
'There is a sense of frustration on both sides of the aisle on where we are compared with where we need to be,' said Rep. Zoe Lofgren (D-Calif.), ranking member of the House Homeland Security Subcommittee on Cybersecurity.
Rep. Pete Sessions (R-Texas), the subcommittee's vice chairman, faulted the government's use of available security technology. He said events since Sept. 11, 2001, have eroded his confidence in the administration's ability to manage, secure and exploit information gathered by its databases and applications.
Grade of F
'I would give them 50 percent credibility' instead of the near-certainty he formerly felt, he said. 'I think they have the technology. I think the management is a miserable failure. This government gets an F on it.'
Despite Putnam's prediction of new legislation, Sessions said Congress has not decided on the proper balance between incentives and regulation for industry. He said his subcommittee is looking into the insurance industry's role in risk management, how the year 2000 date change challenge was met, and the possibility of requiring disclosure of security audit results in Securities and Exchange Commission filings.
Lofgren said Congress doesn't know enough to regulate security effectively.
'The answer is not going to be a heavy, restrictive regulatory role by government,' she said, although some regulation could be necessary.
William Jackson is a freelance writer and the author of the CyberEye blog.