Flanked by some serious-looking guys from the FBI, the U.S. Secret Service and--get this!--Interpol, Microsoft last week announced a reward to anyone whose information leads to the arrest of the authors behind the MSBlast worm and Sobig virus. This is just the beginning of a $5 million fund Microsoft will use to buy off informers.
The announcement was good for a photo opportunity and achieved the appearance of movement. Microsoft needs every bit of good news it can muster. After a couple of years being on the receiving end of escalating cyberattacks, management is clearly frustrated by what it now refers to as "criminals," not misguided geeks.
The new message is simple: Break the law, and law enforcement will go after the bad guys.
There's just one problem. It won't work--not even if they teamed up J. Edgar Hoover, Eliot Ness and The Shadow. Placing a bounty on someone's head may sound like an effective deterrent, but let's get real. For starters, it's just too reactive. In this standoff, the hackers will always hold the initiative. Besides, does anyone really believe a snitch fund will entice digital sociopaths to turn in their buddies?
So what's the alternative to playing cops and robbers?
Start with the deal worked out earlier this year, when Silicon Valley convinced Washington, D.C., to let it decide how to secure information systems. The so-calledcalls for the government to work with private industry to devise an emergency response system and reduce the nation's vulnerability to cyberattacks.
The strategy document leaves the initiative for making all this happen to the technology industry. I would have preferred something with more teeth. But at least this was a beginning. Besides, Silicon Valley says it can clean up the mess without any government regulation. Now it has a chance to make good on the claim.
Unfortunately, nine months have elapsed since the Bush administration signed off on the agreement to leave things up to the private sector, and most companies still don't have a clue how to go about implementing the plan.
A lot is going to depend on the performance of the new cyberczar, Amit Yoran, who moved into his job at the Department of Homeland Security a couple of weeks ago. If Yoran is able to provide the necessary leadership, the highly regarded former Symantec executive would send a convincing message to the IT industry that the security problem is finally in good hands.