Tech firms urged to aid security efforts

Phyllis Schneck, the co-chair of the InfraGard executive board, said that if an online attack takes place a business will benefit from knowing which FBI agents to contact.

"The people that you want to call, the people you want to contact, are the ones you trust," Schneck told about 200 attendees at the InfoWarCon conference. Created in 1996, InfraGard is an information-sharing alliance between the FBI, the FBI's National Infrastructure Protection Center, universities, state and local police, and private companies.

The two-day InfoWarCon event was less a trade show and more an extended show-and-tell session, with speakers sharing stories of how they have created "cybersecurity" centers in their agencies or companies and what obstacles they encountered.

About half of the attendees were from the government, mostly military, and the other half were from large corporations such as airplane maker Boeing and drug developer Pfizer. All, however, seemed to recognize that after last year's terrorist attacks, politicians and CEOs have become far more willing to hand over money to thwart potential electronic miscreants.

Jill Warren, the former assistant attorney general for Texas, said her manager had responded to the attacks by creating a special committee that recommended the creation of a Texas Infrastructure Protection Center. The goal is to exchange information between government offices and corporations regarding "physical and cyber assets that are critical to the health, safety and welfare of Texas residents."

"The best strategy for defending against attacks requires the cultivation of an alert network, both government and businesses," said Warren, who is now at the Bracewell and Patterson law firm.

As CNET News.com recently reported, it is possible for electronic intrusions to damage infrastructure and threaten physical danger, but taking control of those systems from the outside requires specialized knowledge and the intruder often must overcome noncomputerized fail-safe measures.

After the Sept. 11 attacks, it took less than 24 hours for cyberterrorism to emerge as the next great threat, triggering calls for new legislation to broaden the authority of law enforcement agencies. Privacy advocates, the Green and Libertarian parties, and others have criticized laws such as the USA Patriot Act as overreaching and overly intrusive.

"Civil libertarians just went crazy," said Philip Lago, deputy executive secretary at the CIA.

Because the CIA's records are classified, "I can't share with you the successes, and there have been literally hundreds of them," Lago said at the conference.

Lago said that while the intelligence community is sensitive to concerns about overly broad surveillance, laws can complicate effective intelligence-gathering. "The National Security Agency is working on the Fourth Amendment thing," Lago said. He added that legal restrictions against spying on U.S. citizens are not controversial, but those same limitations pose a problem when immigrants and tourists can benefit from the Fourth Amendment's prohibition on "unreasonable" searches.

"I wish we could make every single member of this country--there goes this democracy thing, right?--read those New York Times articles (about victims of the World Trade Center) and realize what this is about," Lago said.

Anyone who wishes to participate fully as a "secure" member of InfraGard must complete a 10-page application and undergo an FBI background investigation. "General" members of InfraGard do not need to do so, but Schneck said she was campaigning for background checks on all participants.

InfraGard's Schneck, a vice president at an Atlanta intrusion-prevention firm called SecureWorks, said InfraGard members who frequently travel are encouraged to report suspicious behavior to the FBI. "Think of the things you're seeing," she said. "You're the eyes and ears."

Last month, the Bush administration halted a related program called Operation TIPS, citing concerns that America would become a nation of informants.