Before I try to connect that to my main point, permit me an aside. Last week, in a story describing a new willingness among airline passengers to confront and attack would-be hijackers, The New York Times reported that in August 2000, a 19-year-old U.S. citizen tried to kick down the cockpit door of a Southwest Airlines plane and was subdued by passengers who overpowered him, then sat on him to keep him under control. The would-be hijacker died, apparently as a result of being unable to breathe while being restrained by the passengers. At this point in the story, science fiction or just sheer lunacy comes into play, so I will quote directly from the Times article: "No charges were filed in the man's asphyxiation, but a lawyer for the man's relatives said the death could have been avoided if flight attendants had been properly trained in restraint techniques." Ah, yes--those darned flight attendants again. They're probably also the ones responsible for all weather-related delays as well, because if they were just properly trained in weather control and climate change, they could clear the skies of such trivialities as storms and lightning.
"They are the names of men and women who began their day at a desk or in an airport, busy with life. They are the names of people who faced death, and in their last moments called home to say, 'Be brave.' And, 'I love you.' They are the names of passengers who defied their murderers and prevented the murder of others on the ground. They are the names of men and women who wore the uniform of the United States, and died at their posts. They are the names of rescuers, the ones whom death found running up the stairs and into the fires to help others."
--President George W. Bush, speaking during the National Day of Prayer and Remembrance, Sept. 14, 2001
So into this breach of litigious lunacy comes what many would consider to be a perfectly sound, reasonable, productive, and even patriotic idea spawned by the terrorist attacks of Sept. 11 and the promises of Osama bin Laden and others that the war on America has only just begun: U.S. companies should share information on security breaches they've suffered so we can all learn from our collective experiences and thus be better-prepared to keep our systems protected from possible terrorist attacks. Our own InformationWeek Daily E-mail newsletter and InformationWeek.com carried extensive coverage of the plan last week (informationweek.com/858/share.htm), noting that Congress is reviewing proposed legislation that would encourage businesses to share security data with the federal government under the promise that such information would be kept private. The proposed law would shield companies engaged in such sharing from antitrust restrictions that might normally prevent such exchanges.
Makes a lot of sense, right? Establish something of a clearinghouse for ideas, processes, and technologies that can help prevent damage from terrorist attacks on IT systems; everybody benefits, right? In a perfect world--or even just a nonlitigious world--it would work very well indeed. But one can just imagine the trial lawyers drooling over the prospect of challenging the protection of such data, slobbering over the aroma of evidence--proof!!--that security has been unsecure and that some clients they can scrape up are thereby due hundreds of millions (with one-third of that going to the great plaintiff protectors). Or as one of our Daily readers put it: "If one company gets hit by a novel method of attack and fails to reveal that to the world, then others who get attacked in the same way can sue the first victim for its failure to provide them with the information they could have used to protect themselves."
Perhaps in the midst of these larger discussions, plans for muzzling the plaintiff bar can be hammered out. If not, what company in its right mind would expose itself to the potential for havoc wrought by tort lawyers fresh on the trail of "victims?"
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.