The recommendations -- from simply shutting down computers to upgrading software security to give it new muscle -- should be implemented voluntarily by industry, the panel said. But the Federal Communications Commission Chairman, Michael Powell, said some might be mandated by regulation.
"We will not hesitate to go forward in seeking a regulatory response," Powell told reporters without specifying which steps might be ordered. "The mission has to succeed."
That mission, lent a sense of urgency after the Sept. 11 terrorist attacks collapsed some cell phone and other communications systems, is to help companies in crisis contact and work with partner firms or competitors to keep services running for customers. The 50-member Network Reliability and Interoperability Council, industry executives appointed by the FCC, also is investigating ways to help emergency personnel stay in contact with each other, the government and the public.
The let's-work-together approach, members said, is a product of communications companies' sharing vulnerable networks so that an attack on a company's computers would be unlikely to spread to another's.
Council leaders said participation also provides opportunities to show the government and the public that the industry can deal with many of its own security problems, such as tracking service outages and reporting them confidentially, with minimal regulation, if any.
"It is our expectation that everyone participates in this voluntary process," said Richard Notebaert, chairman of the panel and chief executive officer of Qwest Communications International. The alternative, a federally mandated process, would not guarantee confidentiality, he said.
The Sept. 11 attacks, experts said, exposed a gap between the level of security required by the market and a higher, more expensive, level now driven by terror threats. In addition, the threat from crackers has increased exponentially, said one expert. Bill Hancock, vice president of Cable & Wireless, said the number of attacks increased from 2,000 last year to 86,000 this year.
"Putting in cybersecurity is a very critical component of surviving over time," Hancock said.
To meet the new threats, members of the industry from satellite companies to ISPs should invest in better security for hardware, software and personnel, the council said Friday. Its members formally vote on the to-do list Dec. 20.
Some of the recommendations are basic, such as being vigilant in making sure that all computers not being used are logged off and shut down to deter crackers.
Others require significant investment of money and time.
For example, better protection for hardware should be provided. The council's recommendations would have companies train personnel better in how to recognize suspicious items and how to handle proprietary information. It also said communications firms should prepare plans for inspecting equipment and plant locations in case of crises. Generally speaking, the members said, security should be part of strategic business planning for such firms.
Certain actions are necessary to protect software as well. The council suggested erecting "layered" security structures, such as firewalls and perimeters. The industry needs better methods for making sure that only authorized personnel have access to networks and information systems, the panel said. It recommended ways to respond to attacks faster.
In addition, the panel recommends that cable, wireless and data companies, along with Internet service providers, participate in a trial next year in which they voluntarily report outages.
Copyright 2002. Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
