US companies act to keep hackers at bay

Although cyber attacks have been the preserve of amateurs, the administration is concerned that sponsored terrorist attacks are increasingly possible.

The new ‘National Strategy for Securing Cyberspace’ aims to set out how best to protect systems against such attacks and after years of consultation it is expected to be published in the next few weeks.

The goal of the strategy is for US companies to identify their most mission-critical infrastructures and begin beefing up protection policies and processes. Getting the companies to comply is essential as the private sector runs between 85 to 90 per cent of the critical infrastructure in the US.

The administration has also hinted at demanding companies take certain measures if the private sector is slow to adopt the plans.

Associations representing the private sector are adamant that the US government has no role in stipulating how security should be deployed. ‘While the private sector is receptive to what the administration might say, we certainly do not need any further regulation,’ said Bob Cohen, senior vice president at the Information Technology Association of America.

On the surface both the White House and the private sector have the same approach – with both calling for a ‘market-driven’ initiative, but private sector concerns are already emerging.

Long wary of publishing news of any computer intrusions or attacks, US corporations believe if they are to keep the government informed of attacks, details could later be made public. ‘The Freedom of Information Act could well make companies less forthcoming,’ said Cohen.

In addition, companies are concerned that by sharing information with market competitors, they might run up against antitrust laws. ‘Working as a group could be perceived by the Department of Justice as colluding,’ said Cohen.

How well the new strategy tackles these key concerns could determine whether companies back the new strategy or if a more heavy-handed governmental approach is likely.