VARs, Vendors Excited About Cyber Security Plans

As U.S. military groups continue to battle insurgents in Iraq, an industry organization that includes representatives from Microsoft and Computer Associates International is working with the U.S. government to help keep corporate networks secure.

The National Cyber Security Partnership's Task Force For Improving Security Across The Software Development Cycle released a series of recommendations earlier this month to improve software security. In addition, the task force called for the U.S. Department of Homeland Security to establish measurable annual security goals for a national cybersecurity infrastructure and recommended the U.S. government have a role in supporting secure software products.

Ron Moritz, co-chair of the task force and chief security strategist at CA, Islandia, N.Y., said the group's 123-page report was just the beginning of a long process of developing comprehensive recommendations for government, industry and academia.

KEEPING CYBERSPACE SECURE The National Cyber Security Partnership's task force issued recommendations in a number of areas to improve security in the computer industry. Some of those recommendations included the following: >> Creating an initiative to make security a core component of university software development programs >> Forming a software security certification accreditation program >> Founding industry awards for secure software development practices and products >> Developing a privately funded program to offer rewards for catching cybercriminals

"[This] is the low-hanging fruit," he said. "This is a great opportunity, at the national level, to [get] the government motivated %85 to think about the problem."

Specifically, the report suggested widespread changes in four divisions: education, software process, patching and incentives.

To improve the software development process, for instance, the task force advised that software developers adopt the best practices to create secure software code, measure the effect of their secure-coding practices and disclose the results. The group also recommended that companies patching software adhere to best practices, such as making patches small, easy-to-install and reversible, and eliminating patches that require system reboots.

Vendors and resellers in the security industry reacted strongly to the task force's recommendations, noting that any sort of increased government emphasis on corporate security ultimately will lead to more profits for them.

Zone Labs President and COO Irfan Salim said the suggestions reinforce the message the San Francisco-based endpoint security vendor's has been promulgating for years.

"The foundation for Internet security can be found in educating users and in using the 'balanced breakfast' of Internet security,updated antivirus software and a good personal firewall," he said. "It is encouraging that %85 the task force recommends a partnership with the private sector to educate Internet users about practical protection methods while stressing the responsibility that each one of us has in protecting cyberspace."

Gordon Hunter, vice president of federal sales at iGov, a solution provider in McLean, Va., agreed. "The fact that people are starting to pay some serious attention to securing their systems is great for us," said Hunter, whose company participates in more than a dozen major channel programs. "Now that [security] is becoming a priority on the federal policy level, it's becoming easier [for us] to notch sales at all levels."