War, recession highlight need for Internet security

As the United States gets hit by the double-whammy of a war and a recession, the need to improve Internet security is more critical than ever, according to government and industry leaders speaking at a panel held Friday on Capitol Hill.

Sen. Bob Bennett (R-Utah), a champion of high-tech causes, said the Sept. 11 terrorist attacks plunged America into both a war and a recession. He said Internet security is required to protect precious American information resources such as the Federal Reserve Bank’s Fedwire fund transfer system from cyber-terrorism. He said Internet security also is important in terms of improving productivity across the U.S. economy.

“It is still vitally important that we pay attention to how well we are doing in Internet security,” Bennett said. “Someone who wishes to could do us great damage.”

Bennett said the U.S. has a leadership role to play in Internet security, much as it has a leadership role to play in protecting the world against terrorism. America’s war on terrorism will be fought over the Internet, economically and diplomatically as much as it will be fought militarily, he predicted.

“How vital it is that all systems of the economy work well, and that the Internet system work well,” he added.

Bill Conner, president and CEO of Internet security software vendor Entrust Technologies Inc., concurred about the importance of protecting the Internet as a critical communications infrastructure.

“There was a 911 call last week that I think went out to the Internet and to Internet security,” Conner said, referring to the terrorist attacks in New York City and Washington, D.C.

Conner said today’s widely deployed technologies for Internet security–firewalls, virus scanning and secure socket layer transactions–aren’t sufficient. Instead, he said Internet security must be enhanced to protect the content of communications as well as ensuring the identity of the people involved in the transaction.

Specifically, Conner said an enhanced Internet security system would provide:

– Identification of the parties at either end of the communication.

– Entitlements to control the access users get to information.

– Verification of transactions.

– Privacy to ensure that sensitive information is protected.

– Security management to administer security across applications and platforms.

“These are the requirements in a post-911 era,” Conner said. “Anything less than that can be compromised.”

Conner recommended the federal government to do a better job of coordinating how it rolls out enhanced security services across its many agencies. And he urged Congress to increase the resources devoted to Internet security, pointing out that the Office of Management and Budget has only two and a half people dedicated to monitoring Internet security across the government.

Regarding encryption, Conner urged Congress not to control the availability of encryption software or to build back doors into it. “If we try to legislate or regulate encryption, it will become a bullet used against us,” Conner warned.

Daniel Chenok, branch chief for information policy and technology at the Office of Management and Budget, said security and privacy underpin all of the federal government’s e-government initiatives. These initiatives are focused on reforming how the government does business with consumers, businesses and other government agencies by taking advantage of the efficiencies of Internet communications.

Regarding Internet security, Chenok said “Clearly there has to be a partnership between government and the private sector.”

While Chenok offered no specifics, he said the federal government’s Internet security strategy may change in light of the Sept. 11 attacks. “Clearly, at very senior levels all of these issues are being reviewed and a number of decisions and actions on that will be taken,” Chenok said.

The Internet Security panel was sponsored by the Business Software Alliance, a public policy group that represents 18 software vendors including Entrust, IBM, Microsoft and Novell.