As previously reported, the newly formed Global Council of CSOs (chief security officers) consists of nine security executives from technology, financial and Internet companies and one security chief from a government agency. The group on Wednesday said at a press conference here that it aims to clarify the role of the chief security officer in companies, help such executives understand their role in implementing and aid communications among security professionals, the technology industry and the government.
The council is the latest organization to be established specifically to address digital security concerns. In September, the U.S. Department of Homeland Security partnered with Carnegie Mellon University's Computer Emergency Response Team (CERT) Coordination Center to form the US-CERT group to fight cyberbugs. A year before, the Organization for Internet Safety was set up to publish guidelines for disclosing vulnerabilities in software. In addition, numerous information sharing and analysis centers have been created to teach various industries how to maintain secure information systems, and the FBI has partnered with companies in many U.S. regions to create InfraGard groups, the security world's equivalent of Rotary International.
While duties of the Global Council of CSOs may overlap with those of other organizations, its main goals are complementary, said Mary Ann Davidson, chief security officer for software maker Oracle.
"I think it is a particularly good balance between those who are in the technology sector of IT and those who are a consumer of technology but have incredible responsibilities for securing their infrastructure," she said.
The group doesn't have any formal connections with the Department of Homeland Security but, as many of the executives in the council have said, it will likely have close contacts with the government.
Members of the group include top security executives from the Bank of America, Citigroup, MCI, Microsoft, Motorola, Sun Microsystems and Washington Mutual. The sole initial government representative will be Will Pelgrin, the director of cybersecurity and critical infrastructure for New York state. Carnegie Mellon's CyberLab has volunteered to take on administration duties for the group.
Pelgrin said the brainpower of company executives will help government agencies lock down their systems.
"Generally, the private sector has been much more in the fore than the government has been on this, and while the government is catching up, I think that we can bring and highlight for government the importance of a CSO...and the awareness of cyberissues," he said.
Nearly 85 percent of information infrastructure is owned by the private sector. But some lawmakers have criticized the industry for the pace at which new security initiatives have been launched and, to address those concerns, have introduced legislation: the Gramm-Leach-Bliley Act in the financial industry, the Health Insurance Portability and Accountability Act in the health care industry, and the Security Breach Information Act passed in California, for example.
The Global Council of CSOs believes that promoting better security practices among companies in the industry will help minimize future legislation.
The council will likely release comments on adopting new technologies and standards--such as the next-generation Internet, known as Internet Protocol version 6; Secure Border Gateway Protocol; and secure Domain Name System--to aid in future network security, the group said.
"I think that international standardization has been one of the bright spots in security," said Whitfield Diffie, chief security officer at Sun. "The problems deal more with deployment of the things that have been agreed on."
Diffie pointed to the adoption of the Rijndael encryption algorithm created in Belgium as the United States' next-generation encryption standard, known as the Advanced Encryption Standard.
eBay's Schmidt believes that the first step is to give security executives more power within corporate ranks.
"There is this perception, in many cases, that some of them are too far down in the organization; others don't have the visibility that they think they need to be effective," Schmidt said. Improving the nation's and the Internet's security depends on changing that, he added.