National Security Plan Could Calm Customers


Solution providers welcomed the proposed National Strategy to Secure Cyberspace released last week, saying that the federal government's ultimate role may be to indirectly help assuage clients' fears about conducting e-business.

Created by President Bush's Critical Infrastructure Protection Board, the draft offers 80-plus recommendations on how home users, small businesses, large enterprises, universities and the government can help secure the Internet.

The draft document will be available online at www.securecyberspace.gov" for comments until Nov. 18.

The strategy, which supplements the Homeland Security Strategy and National Security Strategy, emphasizes public-private partnerships and does not propose government regulations to secure the Internet.

"The government cannot dictate. The government cannot mandate," said Richard Clarke, Bush's special adviser on cyberspace security. "The government cannot alone secure cyberspace."

Solution providers said it's appropriate that federal officials push for standards for preventing cyberthreats, since those standards may pave the way for IT integration opportunities.

"Companies like [ours can help execute [anti-cyberterror strategies, but technologies and standards need to be vetted first," said Anand Mallipudi, vice president of strategic alliances at CellExchange, a Cambridge, Mass.-based solution provider.

"Organizations may be comfortable getting a trusted body [to verify technologies that can protect them," Mallipudi said.

Among other things, the government recommends the development of a clearinghouse for promoting more effective software patch implementation; more support for security training, education and research; and an effort by Congress to remove impediments to information-sharing about cyberspace vulnerabilities between the public and private sectors.

Doug Goodall, president and CEO of Pittsburgh-based RedSiren, said the government's strategy will go a long way toward raising awareness of cybersecurity.

"By coming up with a strategy, what they've done first is clearly increased awareness that cybersecurity is becoming as real of a business issue and risk-management issue as physical security," he said.

Security integrators say their clients' anxiety about cyberattacks is potent.

Bharat Manglani, CEO of FootPath, Waltham, Mass., said one of his retail customers posts its overnight batches of credit card and check transactions over a phone line to its bank out of fear that even a dedicated Internet connection won't protect the data from those poised to steal it.