National Security Council Contemplates Computer Security Issues

In a Web conference, the director of critical infrastructure for the National Security Council and six panelists from security companies emphasized the key issues of U.S. vulnerability to computer attacks.
Cooperation between private and public sectors will become increasingly important to ensure U.S. cybersecurity. That was the overriding theme of a Wednesday morning Web chat on IT security issues in the wake of Sept. 11.

The online discussion, moderated by U.S. Rep. Sherwood L. Boehlert, R-N.Y., chairman of the House Committee on Science, let participants pose questions to Paul Kurtz, director of critical infrastructure for the National Security Council. Online participants also queried panelists from six security companies: John Conlin, chief operating officer of Vericept; Peter S. Tippett, chief technologist at TruSecure Corp.; Bob Brennan, CEO of Connected; Randy Sandone, CEO of Argus Systems Group; Buky Carmeli, CEO and chairman of SpearHead Security Technologies; and Joe Magee, chief security officer at Top Layer Networks.

Kurtz emphasized the need for U.S. corporate involvement. "The private sector owns and operates around 90% of our critical infrastructure," he says. "We need valuable input and ideas from the private sector." Boehlert agreed: "What we need are new ideas and fresh approaches in the cybersecurity field. To put it simply, we need more people to do more creative thinking about computer security. That's what our adversaries are doing."

Boehlert pointed to the nation's growing reliance on computer networks, especially while U.S. postal and transportation systems face new potential risks. He also recounted a report the Science Committee received recently regarding U.S. vulnerability to computer attacks. The witnesses for that report made four main points:

  • The United States has a woefully inadequate investment in computer security.

  • Few top researchers have been drawn into the field of computer security, which has remained essentially unchanged in its (failed) approaches since its inception.
  • The federal government has no agency focused on and responsible for ensuring that the necessary research and implementation are undertaken to improve computer security.
  • Market forces have given most in private industry little incentive to invest in computer security, even as reliance on the Internet grows.
  • Kurtz also addressed the role of the Critical Infrastructure Board, which will ensure that each agency is implementing appropriate cybersecurity measures. The board--with Richard Clark as chairman--will also focus on issues such as investment, training and education of cybersecurity specialists, and research and development, Kurtz said. Making sure that communication during times of crisis, such as the attacks on Sept. 11, will be another priority for the board.

    Nearly 200 people registered for the 75-minute event, organized by Schwartz Communications Inc. Ironically, some folks were unable to join the security Web chat because of internal IT security. Frederick J. Balboni, Schwartz's government relations and special events specialist, says corporate firewalls kept several people from participating.