Cyber Panel Scales Back Proposals for Security

Under intense lobbying by industry groups, a White House panel studying ways to protect the nation’s high-tech backbone has dropped several security ideas and turned others into topics for discussion rather than government mandates, according to the latest version of the plan circulated Monday.

The ideas that have been dropped include requiring companies to pay money into a fund to improve national computer security and restricting use of emerging wireless networks until their security is approved, according to the draft obtained by Associated Press.

“We’re just identifying the stuff we already know to be a problem, and saying it’s a problem,” said Russ Cooper of network security firm TruSecure Corp. who was briefed on the plan. “I thought there was going to be some meat, and there’s not.”

The cybersecurity panel headed by President Bush’s computer security advisor, Richard Clarke, is expected to release its recommendations Wednesday.

Clarke advisor Andy Purdy said Monday that the panel has decided to put its ideas out for public comment for two months before sending it to the president.

Once called the “National Strategy to Secure Cyberspace,” the draft circulated Monday added the words “For Comment” to the title.

The board is part of the White House but has no statutory power to compel federal agencies or companies to follow its directives. Officials have previously noted that much of the nation’s high-tech backbone--its banking, transportation and utilities networks--is owned and operated by private corporations.

Within the last week, officials removed a proposal to create an Internet fund built with tax dollars and industry contributions to pay for Internet security enhancements, the latest draft shows.

Security expert Bruce Schneier said the White House won’t be able to convince companies that expensive security enhancements are worth it when the company’s stock price is at stake.

“The government should either make a law or not bother,” Schneier said. “This cajoling only goes so far. I think [companies] do want to be good corporate citizens, as long as it’s free.”

Another dropped proposal would have called for companies to work on securing wireless networks and barred the use of such networks until they could be proved secure. Wireless technology, which is increasingly cheap and easy to use, has been criticized as difficult to secure.

Now, the plan says only that “federal agencies should consider installing systems that continuously check for unauthorized connections to their networks.” The rest of the wireless network proposal is under the heading “Issues highlighted for continued analysis, debate and discussion.”