UN hosts Global InfoSec forum

Amid tight security and the pall of Manhattan’s 9/11 remembrance ceremonies, 13 countries from the United Nations gathered here Thursday along with hundreds of U.S. high-tech executives in an effort to foster greater co-operation on the global information security war front.

The second annual UN Global InfoSec Conference, sponsored by the UN Working Group on Informatics and AIT Global Inc., an IT industry association in Kings Park, N.Y., opened with a moment of silence in honour of the victims of the Sept. 11, 2001, terrorism attacks, but quickly delved into the urgent need for information sharing on virus and worm threats and the question of why the world’s differing views of security and privacy remain a tough obstacle to overcome.

“Most developing countries today are as technology-dependent as developed countries,” said June Y. Clarke, ambassador to the UN from Barbados and the interim chairwoman of the UN Working Group on Informatics. “And in a number of countries, including my own, governments are seeking to promote a viable and sustainable IT services sector,” she said. As a result, security and privacy issues are “as significant and important for developing countries as they are for a Fortune 500 company.”

According to Clarke, this year’s onslaught of viruses and worms, such as the Slammer, Blaster and Sobig worms, has taken a toll on many developing countries. “For developing countries, the increasing cost of security caused by these attacks has resulted in a diversion of resources away from maintaining and expanding existing networks and systems,” she said. This is a “major concern that needs to be addressed at the highest levels,” she added.

However, the one question for which few answers were offered was if the world can come together enough to forge common security and privacy laws that would remain effective and enforceable.

“There hasn’t been a thorough public discussion on privacy yet,” acknowledged Vance Hitch, CIO at the U.S. Department of Justice. Hitch, whose speech to the UN came at a time of increasing concerns about the Justice Department’s pursuit of additional electronic surveillance powers under the controversial USA Patriot Act, tried to allay the fears of some in the audience by saying the department is actively “trying to prevent witch hunts” in cyberspace. He added that a privacy impact study must be conducted for every new system or application deployed by the Justice Department before it is rolled out.

“My experience has been that the U.S. is an ‘opt-out’ society and Europe is more an ‘opt-in’ society” when it comes to privacy laws and regulations, said Ken Watson, president of the U.S. Partnership for Critical Infrastructure Security and director of critical-infrastructure protection at Cisco Systems Inc.

In Europe, personal data is the property of the individual, whereas in the U.S., there are laws that allow companies to exchange customer data, Watson said. “In the U.S., we have self-regulation, and in Europe we have government regulation. I don’t think there’s anyway to tell right now which approach is better.”

However, before any common approach can be agreed upon, a series of policy discussions will have to be held at the highest levels of government, Hitch said. “It’s not clear what the bounds of privacy are.”

Many questions remain to be answered, Hitch said. “How far can we go? How far should we go? And how much are we willing to pay in privacy for better security?” he asked. “How can you put a price on preventing something like (9/11)? That’s the kind of discussion you need to engage in.”