DHS challenges IT industry to take responsibility for cybersecurity

Computerworld - SANTA CLARA, Calif. -- Secretary of Homeland Security Tom Ridge today warned the IT industry that the nation's electronic infrastructure presents "an attractive target for terrorists." Meanwhile, his top cybersecurity advisers said government regulation is possible if the private sector fails to act to bolster security.
Speaking to more than 300 IT executives at the first National Cyber Security Summit here, Ridge said everything from electricity grids to banking transactions and telecommunications depends on secure, reliable cybernetworks, and terrorist groups "know, as do we, that a few lines of code could ultimately wreak as much havoc as a handful of bombs."
Ridge said the number of cyberattacks continues to rise, with more than 76,000 occurring in the first six months of this year. "Many of these are the work of hackers. Yet, we know the enemies of freedom use the same technology that hackers do. And we know that they are looking to strike in any manner that will cripple our society."
He likened the cybersecurity challenge to erecting effective roadblocks and "tough barricades" to stop would-be terrorist bombers from physically destroying buildings and killing innocent people.
Ridge then pressed the IT industry and the private businesses that own and operate more than 85% of the nation's critical infrastructures to "lead the way" in cybersecurity. "The continued success of protecting our cyberspace depends on the investment and commitment of each of you and the businesses you represent," he said.
That commitment has come under increased scrutiny during the past year, as various studies and independent commissions have concluded that market forces alone have not been enough to force needed improvements in security. The issue was thrust into the limelight today at a news conference, during which Robert Liscouski, assistant secretary for infrastructure protection at the U.S. Department of Homeland Security, and Amit Yoran, the newly appointed chief of the DHS National Cyber Security Division, were grilled by reporters about the wisdom of the government's nonregulatory approach to working with the private sector.
Both Liscouski and Yoran said increased government regulation remains a possibility should the private sector fail to live up to its security responsibilities.
"The private sector owns the problem," said Liscouski. "[And] there are a lot of people out there who are willing to legislate. If that's what you want, I can promise you that you'll get it." Liscouski added, however, that the Bush administration does not think that better security can be legislated or forced on the private sector by the government.
Yoran, making one of his