Public-private partnerships called key to cybersecurity

Voluntary partnerships between government agencies and the private sector are crucial to protecting the nation's critical infrastructures from increasingly sophisticated forms of cyber warfare, information security experts from the public, private and academic sectors said Tuesday.

"We need you, but we don't own you, so we have to have this partnership to make it work," Howard Schmidt, vice chairman of President Bush's Critical Infrastructure Protection Board, told industry representatives during a Washington conference organized by the Strategic Research Institute.

Schmidt, who formerly served as chief security officer for Microsoft, noted that about 90 percent of the nation's critical information infrastructure is owned and operated by the private sector. Schmidt said making those networks "resistant to degradation, and resilient when attacked" requires information sharing, coordinated research and other cooperative efforts between the public and private sectors.

"It's got to be voluntary because if we don't work in a spirit of cooperation and trust, we are shooting ourselves in the foot at the outset," Schmidt said, noting that President Bush has charged the Critical Infrastructure Protection Board with coordinating the cybersecurity capabilities of government, industry and the academic sector.

Public and private sector officials involved in those coordination efforts must realize that keeping pace with cyberterrorist threats is likely to be increasingly difficult, according to Robert Gerber, chief of analysis and warning at the FBI's National Infrastructure Protection Center.

"The threat out there has never been greater," Gerber said, noting that "the nature of attacks will continue to deepen and become more intense" because of rapidly evolving new technologies.

The inherently open nature of the Internet is another reason for that increasing threat, according to Jacques Gansler, chairman of the University of Maryland's Center for Public Policy and Private Enterprise. "The Internet was not developed to be a secure system and that is kind of why we are playing catch-up," Gansler said.

Gansler, who formerly served as the Defense Department's undersecretary for acquisition, technology and logistics, added that if the al Qaeda network had combined the attacks on the World Trade Center and the Pentagon with simultaneous cyberattacks on the nation's critical infrastructures, the events of Sept. 11 "could have been much more destructive."

Schmidt said the White House's Critical Infrastructure Protection Board is helping state and local agencies to protect their critical systems to ensure that their response capabilities would not be crippled during a terrorist attack.

"We must make sure state and local governments have the same [cybersecurity] capabilities as a multibillion dollar federal agency," Schmidt said. "It takes a lot of coordination to do that."

Schmidt added that the board must also help the federal government "get its house in order."

"We have to make sure our systems are secure while helping the private sector do their part as well," Schmidt said.