Will companies improve security voluntarily?
Government IT regulation sparks fierce debate

Tempers fray at RSA Conference as experts discuss government role in security

Written by Iain Thomson at the RSA Conference in San Francisco

A series of heated exchanges at the RSA Conference left tempers frayed yesterday as experts debated the pros and cons of governments trying to regulate IT security.

Bruce Schneier, a cryptographer and IT security expert; Richard Clarke, former White House advisor on cyber-security; Harris Miller, president of the IT Association of America; and Rick White, president of TechNet, debated the role of regulation but found little common ground.

"We have a problem," said Clarke. "I opposed regulation in both the Bush and Clinton administrations. We now have some regulation and most of it does not work well."

He went on to state that, if he were grading the Bush government on its regulation progress, he would give it an 'F'.

Schneier, on the other hand, proved a fan of regulation, maintaining that it was the only way to get companies to write more secure code.

"What regulation does is change the trade-offs a company makes," he said. "The capitalist incentives are not in line with the results we want as a society. If we make it in a company's interests to make secure products, it will."

Schneier explained that companies would always choose to place less emphasis on security if it meant cutting into profits, and that the only way to reverse this is to make the penalties for insecure code greater than the cost savings of releasing insecure code.

But speaking for the industry, Miller strongly opposed further regulation. "Our industry is all about innovation and the concern we have is that regulation can be the enemy of innovation," he claimed.

"Even heavily regulated industries like the auto sector have problems. There are already plenty of laws on the books to deal with this."

The panellists found little to agree on, with the discussion turning heated on more than one occasion. Clarke finished his arguments with a warning on the consequences of inaction.

"Industries say that they don't want to be regulated; there's a surprise," he said. "Industry only responds when you threaten it with regulation. After a major incident there will be worse regulation than you have now."
