IT firms unite to share security info

Presidential Decision Directive 63

Nineteen information technology companies came together Tuesday to formally announce the creation of a fourth center to help protect the information systems that support the United States' critical infrastructure.

The IT sector is the latest to form an information sharing and analysis center, as called for under Presidential Decision Directive 63. Issued by President Clinton in May 1998, PDD 63 sets the requirements for critical infrastructure protection.

The ISACs are intended to provide a mechanism for companies within the eight infrastructure sectors to share information about cyber threats, vulnerabilities and solutions.

In addition to the new IT-ISAC, the three sectors that have formed ISACs are banking and finance, telecommunications and electric power.

The arrangements create "a trusted path," said Richard Clarke, national coordinator for security, infrastructure protection and counterterrorism at the National Security Council. Such trust will allow federal organizations such as the National Infrastructure Protection Center and federal agency computer emergency response teams to share security information, Clarke said.

While there are still four sectors to go, the creation of the IT-ISAC keeps the effort moving in the right direction, said Norman Mineta, secretary of the Commerce Department, the agency that serves as sector liaison for the IT industry.

"I think that it is a giant step forward in making sure that the nation's networks are as secure as we can make it," Mineta said. It is important that all sectors start their own centers, but the IT sector "is absolutely critical because it permeates the economy so completely," he said.

The IT-ISAC will recruit more IT companies to join. The technical work will be done by Internet Security Systems Inc., a security company that offers intrusion detection, vulnerability analysis and other products and services.

The information sharing will enable the members of the IT sector to better understand threats, collect and develop best practices and collaborate on potential solutions. That will lead to improved products and services for customers, including federal agencies, said Philip Lacombe, president of the information and infrastructure protection sector at Veridian.

The founding members of the IT-ISAC are Computer Sciences Corp., Veridian, Cisco Systems Inc., Hewlett-Packard Co., IBM Corp., Oracle Corp., Microsoft Corp., AT&T, Computer Associates International Inc., Electronic Data Systems Corp., Entrust Technologies Inc., Intel Corp., KPMG Consulting LLC, Nortel Networks Ltd., RSA Security Inc., Securify Inc., Symantec Corp., Titan Systems Corp. and VeriSign Inc.