
Schmidt lays out cyberprotection board agenda


By Dan Verton

(IDG) -- Six months to the day after the September 11 terrorist attacks, Howard Schmidt, vice chairman of the president's Critical Infrastructure Protection Board, said the government is close to releasing an updated plan for protecting the nation's most critical systems and networks.

Schmidt, formerly chief security officer at Microsoft Corp., said a new national plan for information systems protection will be on the street this summer. The document would supersede an earlier plan released by the Clinton administration in 2000 and will be based largely on input from private companies, according to Schmidt and earlier statements made by Richard Clarke, the president's principal adviser for cybersecurity. Schmidt made the statements Monday during a live webcast sponsored by Network World magazine, a sister publication of Computerworld.

National Security Council experts are poring through more than 127 questions and issues raised by private companies, which operate the bulk of the nation's critical infrastructure, including the telecommunications grid, power stations and banking and finance networks, said Schmidt.

In addition to delivering the national plan to the president, Schmidt outlined three other priorities that have taken shape since the presidential advisory board was established in the wake of the September 11 attacks. One of those priorities is establishing the Cyber Warning Information Network (CWIN), which would enable authorities to "short-circuit viruses" and other attacks at the boundaries of critical networks, said Schmidt. The government also wants to focus more on research and development to increase the lead time on identifying future threats. A third priority is to improve education, including at the primary grade level, on ethical principles and computer use, said Schmidt.

Although terrorists have primarily used the Internet to conduct command, control and communications, there are fears that future attacks could be accompanied by cyber-based incidents. "We never know whose fingers are on the keyboard on the other end," said Schmidt. The Bush administration is working with G8 member countries to establish treaties to facilitate prosecutions for international cybercrimes, said Schmidt.

And while he's satisfied that progress has been made by the private companies responsible for protecting the nation's critical systems, Schmidt said the administration has a "particular concern" about the telecommunications grid and banking and finance systems that people rely on for day-to-day living.

Peggy Weigle, CEO of Santa Clara, California-based security consulting firm Sanctum Inc., said her firm has conducted security audits at more than 300 companies across all sectors and found that 97 percent of them were vulnerable to potentially crippling attacks through the Web-based applications they use to conduct business on the Internet.

Weigle also confirmed details of a story first reported by Computerworld about an audit conducted at a major airline in which the passenger manifest and reservation system was compromised (see "Wireless LANs: Trouble in the air," link below).

Since Computerworld first reported the findings of its investigation, San Jose International Airport has appointed 20 private-sector and local government experts to a blue-ribbon panel to study the IT security technologies that hold the greatest promise of bolstering the security of the airline industry's infrastructure, said Weigle. There's a chance that the panel may become a pilot project for the rest of the industry to replicate, she said.

Sanctum also conducted another audit for an electric power company and was able to compromise the utility's maintenance schedules, said Weigle.

Weigle said the government may need to pass additional legislation "to make things happen" because corporate executives aren't devoting enough attention to cybersecurity.

Schmidt said the level of vulnerability "varies from sector to sector" but that overall, "we've not had a very integrated approach."



