Establishing Digital Trust: Don't Sacrifice Security for Convenience
By forming the Council, Schmidt said he was fulfilling a pledge he made to Department of Homeland Security Secretary Tom Ridge and National Security Advisor Condoleezza Rice when he left the White House. That pledge was to continue working to develop public-private partnerships aimed at addressing security concerns, said Schmidt, who currently serves as eBay's chief information security officer.
The team Schmidt put together is a veritable who's who of security and Internet experts. In addition to Schmidt, the Council consists of: Bill Boni, chief information security officer at Motorola; Vinton Cerf, vice president of technology strategy at MCI and often mentioned as one of the founders of the Internet; Scott Charney, chief security strategist at Microsoft; Dave Cullinane, chief information security officer, Washington Mutual; Mary Ann Davidson, chief security officer, Oracle; Whitfield Diffie, vice president and fellow, Sun Microsystems and a renowned cryptography expert; Steve Katz, former information security officer at Citigroup; Rhonda MacLean, director of corporate information security, Bank of America; and Will Pelgrin, director of cyber security and critical infrastructure for the State of New York. Carnegie Mellon University's newly formed Cyber Lab will act as secretariat for the organization, providing administrative support, among other functions.
Council members will seek to address five general objectives, Schmidt says:https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i 1. Bring together CSOs to address online security challenges, with a focus on business issues.
2. Define the proper role, background, and reporting arrangements for CSOs within business organizations.
3. Define the role of the CSO in implementing the federal government's National Strategy to Secure Cyberspace.
4. Determine the appropriate times and means for CSOs to communicate with government on cyber security issues.
5. Communicate regularly with technology vendors to help define security related business needs and offer suggestions on how technology can be used to minimize risks.
The Council will be an independent entity, with, as Diffie put it, only the power of its members' collective reputations to foment change.
"Whether that's sufficient to deal with the problem remains to be seen," he said.
Schmidt noted that the Council does not intend to expand its membership except to pick up some international members.
"That doesn't infer in any way, shape or form that we won't be working with other groups and others in the industry," he noted.
For more information, see the Council Web site.