(January 17, 2001) The Commerce Department and executives from nineteen information technology companies met in Washington DC to announce the formation of a group named Information Technology Information Sharing and Analysis Center. This ISAC will share information about cyber attacks, protective measures, and other information security issues.
Representatives of Microsoft, Oracle, Cisco, IBM, HP, EDS, CSC, Intel, Symantec, and other companies gathered in the conference room of Secretary of Commerce Norman Mineta on Tuesday morning, January 16, to announce the new group.
"It is a giant step forward in making certain that the nation's information networks are as secure from cyber attackers as we can make it," said Sec. Norman Mineta.
The purpose of IT-ISAC is to report and exchange information among its industry members concerning electronic incidents, threats, attacks, vulnerabilities, solutions and countermeasures, best security practices and other protective measures; to establish a mechanism for systematic and protected exchange and coordination of such information; and to take other appropriate action commensurate with these goals.
Most of the representatives of nineteen founding members spoke at the event. Guy Copeland of CSC addressed the history of industry security efforts, which he dated back to 1981, and the Apple 2 viruses on pirated computer games. Phillip Lacombe of Veridian compared the mission of IT-ISAC to that of the "missile and air defense early warning system."
Todd Gordon of IBM stated that the "common objective is to protect Internet commerce" but that "we will never allow the IT-ISAC to become commercialized."
Dan Burton of Entrust Technologies provided a metaphor for the IT-ISAC. It is a "research university with a hospital emergency room attached to it."
Gregory Akers of Cisco assessed the threat. The cyber threat "reach[es] beyond the thing we are accustomed to in the past, where a few misguided individuals may have deemed it a unique opportunity to go see what they can accomplish ... These people now have become very well skilled at their trade. They are supported by very wealthy and very powerful entities within the world today, and their position to take advantage of the opportunities that these infrastructures provide will let them use them to their benefit, not the benefit of society as a whole."
Howard Schmidt of Microsoft addressed the effect of the transition of administrations. He said that this "will be a continuing priority with the new administration." Harris Miller of the ITAA added that Sec. Norman Mineta, who is currently Clinton's Secretary of Commerce, will be Bush's Secretary of Transportation, and will add to continuity.
Richard Clarke, National Coordinator for Security, Infrastructure Protection and Counter-Terrorism, National Security Council, and Greg Rohde, Assistant Secretary of Commerce for Communications and Information and NTIA administrator, also spoke at the event.
Rohde emphasized that computer networks are privately owned, and that leadership on network security must come from the private sector.
Clarke emphasized private industry's sharing of information with the government. He added, "It is remarkable that these competitors have come together. But these are the companies that make America work, and without these IT, the new economy would not work. So, it is a patriotic move on their part to come together to help preserve the economy, and to help preserve the national security." He added that he hoped other ISACs will be formed for other industry sectors.
Tech Law Journal also spoke with Lino Lipinsky, a partner with the law office of McKenna & Cuneo, legal counsel to the IT-ISAC, after the event, regarding the antitrust law implications of the IT-ISAC. He stated that the FTC wrote its Antitrust Guidelines for Collaboration Among Competitors [PDF] in April of 2000, and that the planned activities of the IT-ISAC are permissible under these guidelines.
He stated that "these types of agreements may be necessary to realize some procompetitive benefits."
While some entities that seek to join the IT-ISAC may be excluded, it would be those "with no track records whatsoever." He added that "if a bona fide well respected member of the IT community applies" it will be admitted.
He also stated that "we have bent over backwards to make sure that this is a private entity."