RealTime IT News

Tech Companies Form Internet Security Center

A group of 19 tech heavyweights seemed to put aside their differences Tuesday to form an initiative aimed at juicing up Internet security by sharing information about vulnerabilities in their software and hardware products with each other.

Even arch-rivals like Microsoft Corp. and Oracle Corp., and Cisco Systems and Nortel Networks, agreed to sit at the same table to form IT-ISAC (Information Technology Sharing and Analysis Center), which met for the first time Tuesday morning. Atlanta-based Internet Security Systems (ISS) was selected by the 19-member group to maintain the center.

Similar private alliances already exist to protect against Internet security vulnerabilities in the banking, telephone and electrical industries, and plans are in the works for alliances to protect oil and gas companies as well as the transportation sector.

U.S. Secretary of Commerce Norman Minetta -- who has also been nominated for the transportation secretary position in the next administration -- introduced IT-ISAC at a press conference Tuesday morning.

"I think that it is a giant step forward in making certain that the nation's information networks are as secure from cyber-attackers as we can make it," he said. "We cannot site idly by and let this valuable asset be a target for hackers and terrorists. What we are doing today is sending a strong signal to would-be attackers that we are not going to let you get away with cyber-terrorism. We stand united."

The push to create the alliance got rolling after last year's high-profile denial-of-service attacks on some of the Internet's most well-known e-commerce and brokerage sites. In May 1998, President Clinton, himself, told government agencies to form alliances with various industries to create ISACs. Even further back, the Federal Bureau of Investigation formed the Computer Investigations and Infrastructure Assessment Center in July 1996 to "coordinate and program manage investigations involving computer crimes, national security and terrorist cyber threats to the national infrastructure." Part of that initiative involved the 1999 creation of InfraGard, an effort to exchange information between the business community, academic institutions, the Bureau and other government agencies.

InfraGard has managed to gain the support of about 518 companies in all 50 states, and William Yang, a network security specialist at the Ohio Supercomputer Center and one of the founding trustees of InfraGard, said he doesn't think IT-ISAC will undermine InfraGard's work.

"If they find that this is a better way for them to share information and to get better at dealing with incidents that occur, more power to them," Yang said. "They have problems that are very specific to their sectors. First of all, they're the targets; they're the guys with the big red circles on their chests. They have different issues -- in terms of how small a bug can be, how small an issue can be before they're affected -- than most of the Net. It may be the case that they need a special group that helps them to do that. I don't see this as being in competition with InfraGard. I see it as being something that would work well in conjunction with InfraGard."

IT-ISAC will be sharing information with its members, not law enforcement agencies -- at least at first. Members that discover a new security threat, whether a virus or other vulnerability, will send detailed warnings to the rest of the group. Eventually the group will determine how much of that information it will share with the government or other industries.

Minetta praised the companies participating in IT-ISAC -- many of which are competitors -- for their willingness to share confidential information with each other. But that doesn't necessarily mean the companies will disclose their security data to the public, government regulators or law enforcement. Like the other ISACs already in existence, IT-ISAC's members are sworn to strict c