Story: Commerce Dept. and IT Companies Announce Security Group, 1/17/01.

Tech Law Journal
News, records, and analysis of legislation, litigation, and regulation affecting the computer, internet, communications and information technology sectors
TLJ Links: Home \| Calendar \| Subscribe \| Back Issues \| Reference Other: Thomas \| USC \| CFR \| FR \| FCC \| USPTO \| CO \| NTIA \| EDGAR

Commerce Dept. and 19 Companies Announce IT Security Group

(January 17, 2001) The Commerce Department and executives from nineteen information technology companies met in Washington DC to announce the formation of a group named Information Technology Information Sharing and Analysis Center. This ISAC will share information about cyber attacks, protective measures, and other information security issues.

Representatives of Microsoft, Oracle, Cisco, IBM, HP, EDS, CSC, Intel, Symantec, and other companies gathered in the conference room of Secretary of Commerce Norman Mineta on Tuesday morning, January 16, to announce the new group.

Extended Excerpts from
Norman Mineta's Address

... I think that it is a giant step forward in making certain that the nation's information networks are as secure from cyber attackers as we can make it. Your efforts to pull together this group of 19 nineteen high tech companies have been outstanding. And, President Clinton and I are both very grateful for all that the industry has done to protect our infrastructure. Now, with today's announcement, we now have four Information Sharing and Analysis Centers. The other three are for the telecommunications, banking and finance, and electric power industries. I hope that we will see more centers set up in key industries in the months ahead. Now, obviously, the information technology sector is absolutely critical because it permeates the economy so deeply and so broadly. The Internet revolution will have a major impact for many years to come, whether it is job creation, improved productivity, how people communicate, or how business is done. We know already that there are some 750 Million people who use the Internet, and there are some 15 Billion web sites, 7 Trillion Dollars in business to business revenue. And companies from the very biggest to the very smallest are using the Internet to grow their businesses to make them more protective. So, we cannot sit idly by, let this valuable asset be a target for hackers and terrorists. One of the best measures that we can take to protect this very important piece of our infrastructure is by agreeing, as you are, to share information on the latest security measures, on best practices, and on preventing threats to the information network. This also will enable businesses and government to respond more rapidly to an attack. Perhaps more importantly, what we are doing today, is sending a strong signal to would be attackers, that we are not going to let you get away with cyber terrorism. We stand united. Let me make my other point. I was an executive, as many of you know, at Lockheed Martin Corporation. I know that it is a very competitive world out there. The last thing that a corporate executive wants to do is to share information with about his own company with the competition. So, I want to commend all of the companies who are represented here today for stepping up to the plate. It is a very courageous thing to do. And, it is my hope that we will see other companies following your lead. ...

"It is a giant step forward in making certain that the nation's information networks are as secure from cyber attackers as we can make it," said Sec. Norman Mineta.

The purpose of IT-ISAC is to report and exchange information among its industry members concerning electronic incidents, threats, attacks, vulnerabilities, solutions and countermeasures, best security practices and other protective measures; to establish a mechanism for systematic and protected exchange and coordination of such information; and to take other appropriate action commensurate with these goals.

Most of the representatives of nineteen founding members spoke at the event. Guy Copeland of CSC addressed the history of industry security efforts, which he dated back to 1981, and the Apple 2 viruses on pirated computer games. Phillip Lacombe of Veridian compared the mission of IT-ISAC to that of the "missile and air defense early warning system."

Todd Gordon of IBM stated that the "common objective is to protect Internet commerce" but that "we will never allow the IT-ISAC to become commercialized."

Dan Burton of Entrust Technologies provided a metaphor for the IT-ISAC. It is a "research university with a hospital emergency room attached to it."

Gregory Akers of Cisco assessed the threat. The cyber threat "reach[es] beyond the thing we are accustomed to in the past, where a few misguided individuals may have deemed it a unique opportunity to go see what they can accomplish ... These people now have become very well skilled at their trade. They are supported by very wealthy and very powerful entities within the world today, and their position to take advantage of the opportunities that these infrastructures provide will let them use them to their benefit, not the benefit of society as a whole."

Howard Schmidt of Microsoft addressed the effect of the transition of administrations. He said that this "will be a continuing priority with the new administration." Harris Miller of the ITAA added that Sec. Norman Mineta, who is currently Clinton's Secretary of Commerce, will be Bush's Secretary of Transportation, and will add to continuity.

Richard Clarke, National Coordinator for Security, Infrastructure Protection and Counter-Terrorism, National Security Council, and Greg Rohde, Assistant Secretary of Commerce for Communications and Information and NTIA administrator, also spoke at the event.

Rohde emphasized that computer networks are privately owned, and that leadership on network security must come from the private sector.

Clarke emphasized private industry's sharing of information with the government. He added, "It is remarkable that these competitors have come together. But these are the companies that make America work, and without these IT, the new economy would not work. So, it is a patriotic move on their part to come together to help preserve the economy, and to help preserve the national security." He added that he hoped other ISACs will be formed for other industry sectors.

Tech Law Journal also spoke with Lino Lipinsky, a partner with the law office of McKenna & Cuneo, legal counsel to the IT-ISAC, after the event, regarding the antitrust law implications of the IT-ISAC. He stated that the FTC wrote its Antitrust Guidelines for Collaboration Among Competitors [PDF] in April of 2000, and that the planned activities of the IT-ISAC are permissible under these guidelines.

He stated that "these types of agreements may be necessary to realize some procompetitive benefits."

While some entities that seek to join the IT-ISAC may be excluded, it would be those "with no track records whatsoever." He added that "if a bona fide well respected member of the IT community applies" it will be admitted.

He also stated that "we have bent over backwards to make sure that this is a private entity."