[IP] U.S. may need to step in, says cybersecurity report

Dave Farber dave at farber.net
Thu Apr 1 16:51:10 PST 2004


Thursday, April 01, 2004 - Page updated at 12:00 A.M.

U.S. may need to step in, says cybersecurity report

By Ted Bridis
The Associated Press

WASHINGTON - In a surprise shift, leading software companies acknowledge in
a report to the Bush administration that the government might need to force
the U.S. technology industry to improve the security of America's computer
networks.

The companies, including Microsoft and Computer Associates International,
said the Homeland Security Department "should examine whether tailored
government action is necessary" to compel improvements in the design of
computer software.

The 250-page report containing that recommendation and dozens more is being
released today. It cautions that government should require security
improvements only when market forces fail. It also says businesses already
are demanding software that is safer and more resilient to attacks.

But the report says the most sensitive computer networks - such as those
operating banks, telephone networks or water pipelines - "may require a
greater level of security than the market will provide."

In those cases, the software companies recommend "appropriate and tailored
government action that interferes with market innovation on security as
little as possible." It urged the government to work with companies to
produce a formal study during the 2005 fiscal year, which begins in October.

The public acknowledgment that any level of new government regulation might
be needed to improve software security represents an important shift by the
technology industry. It has vigorously contested mandates from Washington
during the past decade, even in the face of increasingly devastating
attacks by new generations of hackers and viruses.

"That's a big lean in the right direction," said Alan Paller of the SANS
Institute in Bethesda, Md., a computer-security organization. "It's a nod
to reality; they're nodding but they've got their heels dug in."

The industry recommendations were solicited by the Homeland Security
Department's cybersecurity division in December.

Other recommendations include:

* Spending at least $12 million, including $6 million in government money,
during the next 19 months for a dozen new academic fellowships nationwide
to teach future computer engineers to design safer software.

* Providing unspecified incentives to companies for reducing software defects.

* Offering bounties for information leading to the conviction of hackers
and virus writers.

* Establishing a cybersecurity report card for operators of the most
important computer networks.

* Setting up a government laboratory to keep track of software repairing
patches and test how effectively they work.




--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
