Companies that operate within a "vertical industry" or community do benefit when they share vulnerabilities and information about potential IT hacker threats.
Such industry alliances can lead to better prepared businesses--as long as efforts focus on action, not just publicity.
The latest security coalition is IT-ISAC (Information Technology Information Sharing and Analysis Center), a collection of high-tech companies--many of them rivals, including Microsoft and Oracle. The group plans to share among its members information about security practices and cyber vulnerabilities.
Financial and telecommunications companies were teaming up for security purposes long before Internet hacking became a problem. Within these industries, cooperation between rivals was commonplace--and financially lucrative--as market transactions or long-distance phone calls often can involve multiple networks and computer systems owned by different companies.
The IT industry doesn't quite fit this model, because direct competitors--such as Cisco Systems and Nortel Networks, Entrust Technologies and VeriSign, EDS and Computer Sciences Corporation--very rarely enter in cooperative financial ventures.
For IT-ISAC to succeed, the involvement from each member must be driven by a company's corporate security officers, not by business managers. If IT-ISAC members can show that by sharing information they can avoid embarrassing security incidents--such as the one Microsoft suffered in 2000--they will be able to reduce network downtime and clean-up costs related to security incidents.
The secondary benefit will be to show customers that they avoided hacker threats by using their own security products and services. If the priority order of those two benefits is reversed, IT-ISAC will be nothing but an inexpensive investment in public relations.
Gartner also believes that industry-funded, designed and operated efforts such as IT-ISAC can be a much more effective mechanism to combat cyber terrorism than any government funded effort. The U.S. government should invest in its own people, processes and systems--as opposed to the private sector's--to become a model Internet security citizen.
(For related commentary on hackers and security measures that can be taken, see TechRepublic.com -- free registration required.)
Entire contents, Copyright © 2001 Gartner Group, Inc. All rights reserved. The information contained herein represents Gartner's initial commentary and analysis and has been obtained from sources believed to be reliable. Positions taken are subject to change as more information becomes available and further analysis is undertaken. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of the information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof.