Cyber Security an Increased Priority
REUTERS April 18, 2000
WASHINGTON – Treasury Secretary Lawrence Summers
warned corporate chiefs Tuesday that protecting their data
from cyber threats was about to become a top priority in the
He said he had no doubt that in 10 years information
security would be "an absolutely central priority in
terms of management of business risk."
"The only question is whether we will move to that in
a smooth way or whether there will have been four or five
spectacular failures which will have woken everybody up and
gotten us to that point," Summers said.
He made his comments at a daylong White House conference
aimed at spurring corporate attention to, and spending on, the
threat of computer assaults. Attending the conference, the
first in a six-part regional series, were experts on corporate
governance, auditors, and senior executives.
Commerce Secretary William Daley told the session that the
Internet era marked "the first time in American history
the federal government alone cannot protect our
"We can't hire a police force big enough to protect
all of industry's key information assets," he said.
"Nor would you want us to."
Instead, the Clinton administration has been pushing
industry groups to share more data on network vulnerabilities
both among themselves and with law enforcement and
intelligence officials led by the Federal Bureau of
Investigation. Summers cited the model of a center set up by
21 U.S. financial services firms last October.
The administration has stepped up its public expressions of
concern since an assault in February disrupted online access
for hours to such popular Web sites as Yahoo, Amazon.com, eBay,
E-Trade, and others.
Possible threats range from youthful hackers and criminals
to guerrilla groups. The administration also has frequently
cited "information warfare" tactics that it says are
under study by China, Russia, and other countries.
John Podesta, President Clinton's chief of staff, told the
conference that building safer computer security practices was
critical both to U.S. business and national security.
"And we are most successful when we work together as
partners," he said.
Richard Clarke, the White House National Security Council
staff coordinator for infrastructure protection and
counter-terrorism, said the government was willing to share
intelligence on cyber threats with industry groups "if we
can establish classified" channels for handling it.
But he said federal authorities were looking to the private
sector to come up with information-security standards that
might be required, for instance, to meet auditing guidelines
or to get insurance.
In a report released at the conference, the Institute of
Internal Auditors, which claims 70,000 members worldwide, said
corporate directors had a responsibility to practice "due
care" in overseeing information security practices.
"Any board that fails to address information security
does so at the peril of the organization and itself," the
Altamonte Springs, Florida-based professional group said.
©2000 Reuters Limited.