By Eric Chabrow
To protect the nation against cyber-terrorists, the federal government is asking companies to share sensitive data about security holes in their IT infrastructures. Any cyberattack likely would be waged on networks controlled by private companies, which own 85 percent of the nation's critical IT infrastructure.
"The future battlefield is in private hands," Sen. Robert Bennett, R.-Utah, said last month at a Senate Governmental Affairs Committee hearing on a bill he's sponsoring, which would exempt from some provisions of the Freedom of Information Act businesses that voluntarily reveal secrets to the government involving IT vulnerabilities.
Citizens can use the Freedom of Information Act to compel the government to provide some confidential data, and companies fear the information they disclose will be available or leak to competitors or-worse yet-lead to criminal or civil lawsuits.
"Companies won't disclose voluntarily if it could bring financial harm to them," says Ty Sagalow, chief operating officer of New York-based American International Group's E-Business Risk Solution unit. "Better to keep your mouth shut."
A recent Computer Security Institute/FBI survey revealed that 90 percent of 503 computer security practitioners surveyed detected computer security breaches during the previous 12 months, but only 34 percent reported them to law enforcement.
This article originally appeared in InformationWeek, a sister publication of I&T.