In an effort to protect critical infrastructure from cyber attacks, the federal government is trying to establish a dialogue with industry and enlist the help of IT professionals to protect against future attacks, says Paul Kurtz, senior director of the Office of Cyberspace Security, a unit of the White House's National Security Council.

"We do have enemies capable of mounting sophisticated attacks," Kurtz said in his keynote address last week at INT Media Group's E-Security Conference and Expo in Vienna, Va. "Infrastructure is a target, that's obvious."

Although terrorists struck against physical infrastructures on Sept. 11, he said it would be folly to think only about protecting similar infrastructure going forward. "Don't plan for a future based on the past," he said.

Kurtz described the fight against cyberterrorism as both national and global in scale. He said he's been to India twice in the past three months, has talked to Italian officials and had two or three meetings with Japanese government officials, with another scheduled this month.

Last October, the president signed executive order 13231 on critical infrastructure, which was in the works prior to Sept. 11. As part of that order, the federal government is seeking input from industry on a series of 53 questions aimed at improving cyber security for five sectors: home user and small business, major enterprises, national information infrastructure, national institutions and policies, and global.

Anyone can provide input on the questions, which are available at www.sans.org/nationalstrategy.php. Ultimately, the goal is to come up with a national strategy to address cyber security issues specific to each area.

Solutions will be implemented in partnership with the private sector, which Kurtz acknowledged is new ground. "We've never really done this before," he said. "I would argue that everybody has a responsibility here."

For its part, federal government is taking information security far more seriously than in the past. "The [Office of Management and Budget] is returning budgets that don't adequately cover IT security," Kurtz said. "This is the first time they've done that."