Security: an uneasy alliance
JUST AS THE federal government was beginning to enlist a sometimes-reluctant private sector to share details about information system intrusions that could affect national security, it seems that the Bush administration has come to town armed with new ideas.
Despite ongoing efforts by the FBI and other government agencies to share CIP (critical infrastructure protection) information with businesses, the new administration has yet to recommit the Clinton administration's initiatives in government-industry collaboration. In fact, sources say Bush may move the CIP operations to the Department of Defense and out of the National Security Council, which could scare off companies that have begun to share information about possible system vulnerabilities with the government.
This move would come at a critical time in the effort to ward off cyberattacks to the nation's critical infrastructures -- such as banks, electric power plants, and the telecommunications grid -- that are crucial to military and government operations.
John Powers, former commissioner and executive director of Clinton's Commission on Critical Infrastructure Protection, says that the Defense Department under Bush is placing more emphasis on homeland defense and may shift infrastructure protection efforts to the department.
"Policy formulation for infrastructure protection is going to move out of the White House and may move into Defense," Powers says, which would be a shift in security policy. "The single most important insight ... is that infrastructure protection has to be a network of interlocking activities. What you need to have in place is what I would call a 'network manager.' The mission should be centered in the White House because only the White House can serve as the network manager."
Phillip Lacombe, former staff director of Clinton's commission on security and now president of Veridian Systems' information and infrastructure protection sector, says that Bush's reorganization of the National Security Council has not included details on the future of the federal office that coordinates infrastructure protection with business.
"We haven't seen the kind of public statement ... that those of us who are committed to this area would like to see from the administration," Lacombe says.
Still, no funding or other support has been withdrawn from the CIP efforts launched by the Clinton administration, Lacombe adds.
Easing corporate fears
Wherever the government office to run the nation's CIP efforts lands, observers says it will face obstacles that are often inherent in any federal effort to elicit cooperation from the private sector.
Mark Gembicki, chairman and CEO of WarRoom Research in Baltimore, says the new administration must focus its efforts on the potential economic implications for companies that don't adequately secure their systems.
"Companies cannot compete effectively if [their systems are] not secure," says Gembicki, who coordinated an electronic civil defense project for the government to demonstrate the growing cyberthreat to the nation's critical infrastructures. "Shareholder value is more important than national security in the eye of corporate America," Gembicki adds.
One of the core concepts of CIP is to convince the private sector to share intrusion data with federal law enforcement agencies. That may be hampered if the government
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
