White House panel's cybersecurity plan avoids calls for new government rules

Wednesday, September 18th 2002, 12:00 am

By: News On 6

STANFORD, Calif. (AP) _ A White House panel said Wednesday that the nation should deal with potential threats to computer security by educating users and by letting market forces _ not government mandates _ fix problems.

The recommendations, released at Stanford University, range from urging users to set tougher passwords to establishing industry centers where companies can share and resolve their vulnerabilities anonymously.

Critics say voluntary cooperation and market pressures will hardly have the effect of laws and regulations.

``All of these are good recommendations,'' said Mark Rasch, formerly the Justice Department's top computer crimes prosecutor. ``But none have the force of law. There is no carrot and there is no stick. You need to put some teeth into some of the proposals.''

The proposed National Strategy to Secure Cyberspace is not final. During the weekend, the White House panel decided to open it up for more comment before presenting it to President Bush in two months. A leaked copy of the plan was published on the Internet on Tuesday.

``If we just come up with a government strategy and announce it without participation from the people who have to implement it, we're not going to get the level of cooperation that we need for this,'' said Richard Clarke, the White House's senior cybersecurity adviser.

One reason for adding time for public comment was to end assumptions and rumors within the technology industry about the report's contents, he said.

The strategy has nearly 60 suggestions for improving computer security for home users, small businesses, universities, large corporations, government agencies and other nations.

It encourages software engineers to be more careful with products they design, and companies to regularly test their internal cybersecurity.

The strategy also recommends a code of conduct for Internet providers to follow when a cyber attack is under way. But it does not seek laws requiring Internet service providers to include firewalls, antivirus utilities or other security software for their high-speed customers, whose accounts are vulnerable because they are always on.

``We're not creating regulation, not creating mandates,'' Clarke told reporters on Tuesday. ``We want to do this through market forces.''