Feds, industry at odds over data, duties

Recommendations that the government form partnerships with the private sector to stave off an "electronic Pearl Harbor" won praise from a Defense Department official but drew criticism from private-sector representatives during Congressional testimony last week. Air Force Gen. Robert Marsh chairman of the President's Commission on Critical Infrastructure Protection last week briefed the Senate Subcommittee on Technology Terrorism and Government Information as well as the House Subcommittee on Technology on the panel's findings which call for partnerships between the private-sector owners and operators of critical national infrastructure - such as energy and telecommunications - and the federal government to share the responsibility for protecting these infrastructures. The panel released an unclassified version of its report last week.

"We knew this could not be a big government effort " Marsh said. "Our national and economic security has become a shared responsibility. The private sector is responsible for prudent business investments to protect against hackers. The federal government must collect information and share it with industry so they can take action. Waiting for disaster is a dangerous strategy."

These new alignments between the government and the private sector should involve information-sharing about the vulnerabilities of systems that support the critical infrastructure Marsh said. The infrastructures examined by the panel include telecommunications electric power transport oil/gas delivery and storage water banking and finance emergency services and government services. The report recommends that federal agencies expand the availability of computer system risk assessments to the owners and operators of these critical infrastructure and inform them of the tools available to protect these systems. In addition the private sector should move to invest in tools to reduce their exposure Marsh said.

John Hamre the deputy secretary of Defense told the Senate panel last week that government/industry cooperation is crucial because an attack against the United States will not necessarily come as an attack against the traditional military of the country.

"There is going to be an electronic attack on this country some time in the future " Hamre said. "We can either choose to be ready or we can ignore and suffer very serious consequences."

Sen. Jon Kyl (Rep-Ariz.) said the weaknesses of many government systems were highlighted during a recent surprise military exercise. Although the details of the exercise are classified Kyl said it revealed "serious vulnerabilities" in government information systems.

"Because of the ambiguous nature of information attacks it can be extremely difficult to know even in the midst of an attack what is really happening " Kyl said. "Are destructive incidents the work of criminals or an act of war? For government personnel - military intelligence and law enforcement - that confusion can be fatal."

Industry has long understood the need for information security and network reliability said Glenn Davidson executive vice president of the Computer and Communications Industry Association an association that represents hardware and software manufacturers telecommunications companies and online service providers. But he added industry would object to the government requiring the private sector to bear the cost of "ruggedizing" the nation's critical infrastructures.

"If our nation's security and law enforcement agencies desire a higher level of security and reliability of our systems and networks then they should be the ones to pay for it " Davidson said. "Shared responsibility is a code word for `You are going to pay for it.' The cost of the difference between what we provide our customers to allow safe communications and what the government wants for law enforcement purposes should be borne by the government."

Russell Stevenson general counsel of CyberCash Inc. an electronic commerce concern also urged Congress to limit the role of government to research and development efforts and to identifying weaknesses in the infrastructure that cannot be adequately addressed by the private sector he said.

"Laws move at the speed of Congress " he said. "The Internet moves at the speed of light."