Microsoft security expert advocates rebirth of Y2K center

To help companies susceptible to cyber attacks, the government should resurrect the Year 2000 Information Coordination Center, Microsoft Chief Security Officer Howard Schmidt said in an interview with National Journal's Technology Daily last week. While many of the nation's largest companies have boosted their computer security to deter cyber attacks, small and medium-sized companies remain the most vulnerable to malicious invasions, Schmidt said, adding that he would support the resurrection of the Year 2000 Information Coordination Center, which was created in 1999 to monitor the nation's critical infrastructure for computer problems related to the how they interpreted the date change from 1999 to 2000. The center was dismantled in early 2000, after no serious problems materialized. "There have been some good discussions about [reviving the center]." Schmidt said. "I think that is a viable option ... particularly in the area of early warnings" about cyber attacks. Schmidt, who also is president of the Information Technology Information Sharing Assurance Center (IT-ISAC), envisions the government and private sector working together to create a center that would alert companies, even small and medium-sized ones, to particular threats that are impacting the Internet. He also said the government soon expects to release a guideline for all businesses that will detail where to report computer attacks. While business officials are more aware of the need to report attacks since the Sept. 11 terrorism, not all are certain who they should call, said an official with the Critical Infrastructure Assurance Office, which conducts most government outreach to the private sector on cyber security. In recognition of the problem, the FBI and the private sector are creating a checklist for businesses that Schmidt said will say, "Here is who you can call if you have a situation." While Schmidt is concerned about small- and medium-sized businesses, he said the United States is now much better positioned to respond to a coordinated cyber attack from an enemy. Two years ago, he said, government and private sector had no institutional means discuss such an attack. But a few weeks after the Sept. 11 terrorist attacks, when the "Nimda" virus attacked computer networks, he said officials were on the phone within hours to respond. Schmidt, an Army reservist who was called to duty after Sept. 11 to monitor computer networks for the Pentagon, participated in the conference calls. "Nimda was a classic example" of the government's preparation for an attack, he said. "We had all the right government agencies, the right law enforcement agencies and the right technical people from the software companies on the phone collectively, saying, 'How do we identify it and stop it,' Schmidt said. "Two years ago, I don't think we would have been able to do that."