Modernizing Authentication — What It Takes to Transform Secure Access
The board, created in the wake of the September 11 attacks, reports to the National Security Advisor and the Director of Homeland Security. This summer, Schmidt says, it will present a plan for protecting critical infrastructures from cyber attack.
That plan will include some form of "early warning system," according to Schmidt, who spoke as part of a panel discussion in a Webcast sponsored by the trade newspaper Network World. He envisions the center would track security threats such as virus outbreaks in an attempt to predict when a problem is starting to occur.
Such centers already exist in the private sector. SecurityFocus, for example, has a service called the ARIS Threat Management System that is intended to predict when attacks will hit by monitoring events occurring at hundreds of subscriber sites around the world.
Toward that end, the government intends to work with industry and the academic community to come up with best practices and various programs to ensure security. Schmidt also advocates a service for scholarship program, where the government pays for students to become educated in cyber security in exchange for the students using their skills in the public sector for a period of time.
While the panelists agreed that cooperation between the private sector and government is desirable, not all thought it was enough.
"We need some legislation," said Peggy Weigle, CEO of Sanctum, Inc., an application security tool vendor. She noted that legislation such as the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act have succeeded in getting insurance companies and financial institutions, respectively, to focus on security issues. "We need a little bit more of a push along with guidelines to make things happen. It's not happening by itself." On the international front, Schmidt said the Bush administration has held bilateral negotiations with other countries, notably the G8 countries (Britain, Canada, France, Germany, Italy, Japan, Russia and the U.S.) on cybercrime issues.
The idea is to get an agreement that the U.S., for example, can prosecute the perpetrator of a crime against a U.S. entity even if the perpetrator lives in a country where the act is not considered a crime. "So we don't have to worry about going through onerous extradition issues to hold someone accountable for their actions," Schmidt said.