President's cybersecurity chief defends agenda

WASHINGTON -- President George W. Bush's top cybersecurity advisor defended his boss's Internet security agenda but called for help from everyone from large corporations to individual Internet users to protect the U.S. homeland by protecting their own little piece of cyber turf.

Howard Schmidt, the special advisor for cybersecurity at the White House, defended the president's National Strategy to Secure Cyberspace, released in mid-February, by saying Tuesday that it intentionally left most cybersecurity decisions up to private companies.

Some participants in the cybersecurity sector criticized the strategy for not including regulatory teeth with its many recommendations, but Schmidt said Internet companies know better how to run the Internet.

The president's strategy "didn't go out and tell private businesses how to run your businesses to be more secure," Schmidt told a group of IT executives gathered at the Secure E-Business Executive Summit, sponsored by the Interoperability Clearinghouse, a consortium of standards organizations. "We made suggestions, we alluded that 'one should consider,' we alluded that 'they can consider.' I don't think any of us would like some government agency to say, 'here's the protocols you have to use, here's the operating system you have to use, here's the database you have to use,' because one size does not fit all."

Schmidt noted that 80 to 85 percent of the Internet is owned by the private sector, and he said it should stay that way.

"If the government was good at innovation, the government would pay us taxes on the money they make off of innovating," Schmidt told the executives.

However, the White House and the rest of the U.S. government does have a role to play, Schmidt said, in making recommendations to companies and Internet users and bringing together competing companies to talk about cybersecurity. "Government is great at being a convener," Schmidt said. "I can't think of a time where somebody would say, 'No, I don't want to go to the White House for a meeting.'"

The federal government can use its pulpit to call on others to pay attention to cybersecurity, Schmidt said, because some organizations still aren't paying attention to the issue. Some observers said the Slammer worm attacks on the Internet in late January were a wake-up call for cybersecurity, but Schmidt said he's heard those predictions before about other worms and viruses. He believes Slammer won't be the last large-scale attack to be called a wake-up call.

Schmidt called for more communication between private industry and the government when Internet attacks occur, and he called on all Internet users to be vigilant about warning signs. Several companies had warning signs about the Slammer worm, he said, but the word didn't spread far enough. Schmidt, who was once a police officer in Arizona, said people often hesitate to report suspicious activity or don't recognize that the barking dog and the breaking glass together mean something.