washingtonpost.com  > Technology > Tech Policy > Security

Quick Quotes

Tougher Cyber-Security Measures Urged

Industry Alliance Pushes for a Higher Profile for Computer Vulnerabilities

By Brian Krebs
Special to The Washington Post
Wednesday, December 8, 2004; Page E05

A group representing technology industry executives yesterday called on the Bush administration to step up efforts to protect the nation's computer and Internet infrastructure, and it proposed that the top official in charge be given a higher profile.

The Cyber Security Industry Alliance urged the federal government to elevate the position of national cyber-security director to the assistant secretary level. The director now reports to an assistant secretary who is responsible for both cyber and physical security threats.

_____Cyber-Security_____
Vital Files Exposed In GMU Hacking (The Washington Post, Jan 11, 2005)
Microsoft Offers Anti-Spyware Software (The Washington Post, Jan 7, 2005)
Single Government ID Moves Closer to Reality (The Washington Post, Dec 30, 2004)
More Security News

"There is not enough attention on cyber-security within the administration," said Paul B. Kurtz, the alliance's director and a former senior cyber-security official in the Bush administration. "The executive branch must exert more leadership."

The alliance, an industry advocacy group that includes representatives from companies that sell cyber-security software, hardware and services, urged Bush to use his second term to focus more attention on cyber-security. Kurtz was joined at yesterday's event by Amit Yoran, the former director of Homeland Security's National Cyber Security Division who resigned in September.

"We really have an opportunity here to address cyber-security in a more aggressive fashion," said Yoran, who was the third high-level cyber-security official to leave Homeland Security in 18 months. "There is broad unanimity across the cyber-security community that we are still vulnerable and we need to do more."

The latest congressional effort to raise the profile of cyber-security within the Homeland Security Department failed this week. House leaders included language raising the cyber-security director's status in a bill designed to overhaul the nation's intelligence community, but the measure was stripped from the version of the legislation agreed to by House and Senate negotiators.

The technology industry alliance's recommendations closely mirror those set out in a 41-page report issued Monday by the House subcommittee on cyber-security, part of the Committee on Homeland Security. That report also calls for an assistant secretary post at Homeland Security, and it urges the administration to consider tax breaks and other incentives for businesses that make computer security a top priority.

The congressional report and the recommendations released by the technology industry group reflect growing frustration with the White House's commitment to implement its cyber-security strategy. A February 2003 report laid out the administration's vision for protecting key areas of the Internet from digital sabotage as part of a broader strategy for guarding vital U.S. assets.

The House Homeland Security Committee and the Cyber Security Industry Alliance both want the department to match budget money to specific cyber-security programs and to take the lead on creating a disaster recovery and response plan should the United States suffer a debilitating digital attack.

Both also want the White House to lean on the Senate to ratify the Council of Europe's cyber-crime treaty to help law enforcement bring more hackers and virus writers to justice and to dedicate more money to long-term cyber-security research and development programs. In addition, the administration should direct a federal agency to track costs associated with cyber-attacks, an effort that experts said will help drive a market for cyber-security risk insurance and help companies make a stronger business case for investments in computer security technologies.

Lawrence C. Hale, deputy director of Homeland Security's National Cyber Security Division, defended the department's progress. He cited the development of a program to find and fix vulnerabilities in so-called "digital control systems," the technology used to manage systems such as the power grid and chemical manufacturing processes. Hale added that the department has been working to expand national emergency response plans to include cyber-security. He also said the department has been instrumental in helping federal agencies respond to and prevent computer attacks.

"Do we have a long way to go? Certainly. But I would say that we're much better off than we were a year ago, and that both government and industry have made great strides," Hale said.

Krebs is a staff writer for washingtonpost.com. Washingtonpost.com staff writer Robert MacMillan contributed to this story.


© 2004 The Washington Post Company