White House computer expert says GovNet is not a certainty

The vice chairman of a board charged with coordinating a plan to defend the nation's computer networks said on Monday that the Bush administration is not certain whether it will proceed with its plan for GovNet, a government-only intranet.

The Critical Infrastructure Protection Board, the recently reformulated executive-branch group charged with overseeing the security of computer networks, is "in the process of reviewing" more than 160 responses to a request for information about the GovNet proposal, said Howard Schmidt, who recently left his job as Microsoft's former top security official to become vice chairman of the board under Richard Clarke, the White House cyber-security adviser.

The proposal called for the creation of a private network with no interconnections or gateways to the Internet. "GovNet will support critical government functions and will be immune from malicious service and/or functional disruptions to which the shared public networks are vulnerable," according to the proposal.

Schmidt said the questions the board is posing about GovNet include: "What does it cost, what does it do, and does it make sense to do this?" He addressed the issue at a conference on Internet authentication and computer security sponsored by the Center for Strategic and International Studies and the Information Technology Association of America.

Several people in the technology industry and civil liberties groups have raised concerns that GovNet would be too expensive and could segregate important government resources. Clarke said in a November interview that he expected the government to make a decision on the matter by February and said in an October press release that "planning for this network has been going on for several months."

Although Schmidt said he and Clarke agreed that such a system is worthy of consideration, he added that "we currently don't know" whether to go forward with it.

Schmidt also reviewed some of the other top priorities of the board, including: coordinating the activities of the National Infrastructure Protection Center to educate companies and computer users about a recently discovered flaw in the Simple Network Management Protocol, which facilitates management information between network devices; collaborating with industry groups to form information-sharing and analysis centers; and devising a plan to permit communication by cell phone in emergencies.

In response to a question, he also reiterated the administration's support for legislation, S. 1456 and H.R. 2435, that would exempt businesses from certain provisions in the Freedom of Information Act for sharing information about computer vulnerabilities with ISACs and the government.