TechNet Recruits Audit Firms On Cyber Security Baseline

The auditing firms will help develop a baseline, or check list, that companies can use to figure out whether they are meeting a minimum standard for cyber security, said Rick White, president and CEO of TechNet, at the RSA Conference here. The group announced its baseline project last month, when it launched its CEO Cyber Security Task Force.

TechNet also is working with the Internet Security Alliance "to challenge American businesses to meet a minimum level for cyber security," White said. The cyber security baseline project responds to the National Strategy to Secure Cyberspace, which was released in draft form last fall, he said. The baseline is scheduled for release later this year.

"We really are trying to answer the challenge the government gave us and establish a baseline for security," he said.

Howard Schmidt, special adviser to the President for cyberspace security, praised the effort.

Sponsored post

"We're excited to see a piece of the security strategy actually being implemented," he said.

As the national cyber security strategy was developed, it raised questions about whether there would be any government mandates, Schmidt said. From the start, the strategy was designed to allow the private sector to address the issue without mandates, he said.

The strategy has already succeeded by virtue of the fact that universities are making their systems more secure and training IT security professionals, he said. Plus, wireless manufacturers are implementing security in their devices, he said.

Sanctions for a lack of IT security will be decided by the free market, when people don't buy products because they're not secure enough, he said.

Schmidt added that cyber security is an international issue: "This isn't something we can put a fence around the borders and make it a strictly North American issue."

Responding to a question during a press conference, Schmidt said the nation was on heightened alert for cyber attacks when the Iraq war began, but he added, "We have not seen things we were afraid we might see."

RSA President and CEO Art Coviello, a member of TechNet and its Cyber Security Task Force, said the baseline addresses the issue of "survivability" in the event of cyber attacks.

Andy Toner, a partner at PricewaterhouseCoopers, said the firm's role will be one of contributing its expertise in security audits and its insight into clients' business issues.

"We've spent a lot of time developing security best practices. We have lot to offer in sharing that information," Toner said.
