While urging government officials to allow industry to take the lead in responding to the threats posed by cyber terrorists and hackers, cyber security experts said Wednesday that government can help industry by changing current laws to make it easier for business interests to share information.
"I urge Congress to let the private sector take the lead," said MCI WorldCom Senior Vice President Vinton Cerf, one of the founding fathers of the Internet. Industry "has the most to gain" and is the most capable of dealing with the issue.
Cerf and other cyber security experts testified before the Joint Economic Committee on what steps industry and government can take to make the Internet and computer networks more secure. The issue has gained increased importance in recent weeks with the wave of attacks that have hit major commercial Web sites. Hackers interrupted service for a few hours by inundating the sites with requests for information.
Cerf and others noted that cyber attacks are likely to become more frequent and severe despite increased attention on the issue. But Cerf, a board member on the Internet Corporation for Assigned Names and Numbers, which has been tapped to take over management of the Internet, said the network itself is more secure than the computers on it because fewer people have access to the operation of the Internet than to individual computers.
"These attacks…will occur more frequently," said Stephen Cross, director of the Software Engineering Institute at Carnegie Mellon University.
Cross and others said it is important for government to provide ways to encourage representatives across industries to share information with each other. More than 200 industry representatives met Tuesday for the first meeting of the Partnership for Critical Infrastructure Security, a joint industry and government project aimed at protecting the nation's critical infrastructure, to discuss how to work together on the issue.
Reps. Tom Davis, R-Va., and James Moran, D-Va., said they may introduce legislation to encourage information sharing by ensuring that proprietary information would not be made public via Freedom of Information Act requests and possibly by providing protection from legal liability when sharing information.
When asked by Sen. Christopher Dodd, D-Conn., whether Congress should be putting more focus and money into cyber security research, Fred Cohen, a member of the technical staff at Sandia National Laboratories, said a bigger issue is finding enough people with expertise in cyber security, particular at universities.
Sen. Robert Bennett, R-Utah, who heads the Senate's Y2K committee, said Clinton administration officials have said one of their biggest challenges is trying to keep talented cyber security experts from leaving government for the private sector.