Internet Terrorism Fears Stoke Industry/Govt. Cooperation

WASHINGTON, D.C. -- Private industry and the federal government have been long aware of the need to increase information sharing on computer vulnerabilities to help ward off potential terrorist attacks on the nations most vital computer systems. Yet, it has taken the events of Sept. 11 to really place the issue on the front burner, according to leaders from both sectors.

"There has always been an awareness that national security is a very big business concern," said John Tritak, head of the Bush administrations point agency for fostering cooperation between the public and private sector. "The urgency has not changed, but the appreciation that theres an urgency has."

Ron Dick, director of the FBIs computer crime division, said the agency now conducts multiple daily briefings with industry groups representing the power, water and financial services industries to discuss possible points of attack on computer systems.

The increased cooperation comes as the FBI warns that terrorists could soon target vulnerabilities in systems that regulate the nations most critical infrastructures, such as the national power grid and the telecommunications network.

Sen. Robert Bennett, R-Utah, said the next physical terrorist attack on U.S. targets may likely come with a simultaneous attack on computer systems used to coordinate an emergency response.

"Realize how the two can be tied together to produce the maximum terror and fear, so that not only has something very spectacular blown up, but we cant do anything about it because our computers are shut down," Bennett said at a conference sponsored by the Center for Strategic and International Studies.

Though both sides cheer the relatively nascent cooperative efforts, Congress and industry have determined that the data sharing will go only so far without legal guarantees giving companies a limited exemption from antitrust scrutiny for sharing information on computer attacks.

Corporations also want to limit information that may be obtained by the press or public through the Freedom of Information Act.

Bennett and Sen. Jon Kyl, R-Ariz., recently introduced legislation to enact such protections. Reps. Tom Davis, R-Va., and James Moran, D-Va., have proposed a similar measure in the House.

Bennett, who played a key role in drafting similar legislation in preparation for the Y2K conversion, said the response to his legislation from both industry and fellow lawmakers has been overwhelmingly positive.

So far, intense internecine squabbling among various Senate committee chairmen with jurisdiction over the measure typifies the sort of stovepiping that has stymied stronger interagency cooperation on computer-security issues to date, Bennett said.

"Everybody likes my bill, but we cant find a home for it," he said. "They say hell hath no fury like a congressional chairman whose jurisdiction is challenged. Various chairmen of the various committees say, Yes, this is an important problem, and I will handle it. Every one of them is willing take on the issue, but not one is willing to give up jurisdiction to anyone else. At the moment, [Senate Majority Leader Tom] Daschle is struggling with how he can deal with the various maharajas who preside over these committees."

Bennetts bill would encourage industry sectors to share data on computer intrusions and network vulnerability with the government, which would, in turn, compare the information with data gleaned from other sectors and provide industry with a meta-analysis of the data.

Bennett said he was engaged in ongoing discussions with the new chairman of the Securities and Exchange Commission to see if the SEC might be amenable to issuing a rulemaking that would require companies to detail their information security measures in their quarterly SEC filing, in much the same way companies were required to list their Y2K remediation efforts leading up to the date change.

"If you adopt fail-and-fix notion with respect to