Summit spurs strategies for fighting crime

Almost 100 corporate security managers met with politicians and law enforcement

representatives Wednesday in Menlo Park, Calif., to refine strategies for

fighting computer crime.

Billed as the "Internet Defense Summit," the meeting featured an address

by Sen. Fred Thompson (R-Tenn.), who announced a bill calling for annual

reviews of government security practices.

The proposed Government Information Security Act, drafted by Thompson, was

approved Tuesday by the Senate Government Affairs Committee that Thompson

chairs. But the senator cautioned security managers that the federal government

doesn't have adequate resources to prosecute security attacks. Congress

shouldn't pass legislation that forces companies to cooperate with investigations,

he said.

"We don't know yet how to run our own shop," Thompson acknowledged, adding

that companies have to create their own security defense plans. He said

the government could assist by providing grants for security research, granting

tax breaks to companies that develop security tools, enforcing current laws

and increasing the number of visas for high-tech workers.

Raymond Kendall, secretary-general of the Interpol international police

agency, reminded attendees that national laws have limited jurisdictional

power against the international nature of Internet crimes. Speaking via

a satellite link from Brussels, Kendall said each country has to pass its

own laws against computer crime and enforce them.

This issue has become keenly apparent during the ongoing search for the

authors of the "ILOVEYOU" virus, because the Philippines — where the virus

apparently originated — has no specific laws against writing damaging computer

viruses.

Kendall also said most governments have neither the financial resources

nor the technical know-how to stay on top of hackers and computer terrorists.

"The private sector must [provide for] themselves much of the action which

is necessary to prevent attacks from being made on the Internet," he said.

"It's no longer possible for governments to provide the kind of resources

and investment necessary to deal with these kinds of issues."

The summit featured a mix of government, industry and law enforcement attendees.

For example, Beth Dickinson, a chief in the Los Angeles County Sheriff's

Department, said her computer crime unit investigates not individuals but

groups of people conspiring to commit security break-ins. The unit focuses

on "major banking threats from institutions," Dickinson said. "We are targeting

high-value crimes."

A few participants called on software companies to make their applications

more secure. One suggestion was that default settings in software should

automatically be at the highest level of security available.

"You wouldn't build a swimming pool in the center of town and not put a

fence around it, and I think that's what the software companies are doing,"

said Glenn Tenney, a director at Pilot Network Services Inc. in Alameda,

Calif.

— James Niccolai contributed to this article.