Gov't Told To Get Tough Online

Microsoft Windows user Sam Salerno downloads a patch from Microsoft's web site to protect his computer from the LoveSan MBlaster Worm, August 14, 2003 in New York City. If there's a bright side to the Internet worm that rampaged through hundreds of thousands of computers this week, it's that the attack might lead many companies to look much more closely at security. (Microsoft)
Computer security experts urged the Bush administration Thursday to set up a national early warning network and crisis center to monitor and respond to significant Internet attacks, suggestions aimed at staving off new federal regulations affecting the technology industry.

Experts also recommended a new campaign to educate computer users about threats they face online, designing a security tool to help consumers protect their own computers, and discussions with Internet providers on ways those companies might promote better online precautions. They also recommended that September be designated as "Cyber Security Month."

Experts said the crisis center - a centerpiece of their recommendations - could be created as early as 2005 with taxpayer funding and staffed equally by government and corporate employees who could review secret intelligence collected about major Internet attacks and outages.

Notably absent from the industry's recommendations were proposals for any new requirements or legal liabilities for companies, organizations or consumers to compel them to improve cybersecurity. The industry's approach is consistent with the Bush administration's stance that the nation's computer networks can be secured through voluntary efforts.

Rep. Jim Turner of Texas, the ranking Democrat on the Committee on Homeland Security, praised the recommendations as evidence that government and industry need to work together, and urged the administration to "take immediate action."

Critics said the industry's proposals failed to adequately blame software companies whose products are insecure.

Alan Paller of the SANS Institute in Bethesda, Md., compared the recommendations to advising motorists to wear football pads and helmets while driving "because the automobile manufacturers won't build in seat belts and air bags and better bumpers."

The industry groups made clear they functioned as coalitions under the government's National Cyber Security Partnership - not as formal advisory committees to the government, which would have required the groups to disclose many of their discussions and internal working papers.

By Ted Bridis