Home Users Part of Net Security Plan
Wed Jul 17, 4:39 PM ET
By D. IAN HOPPER, AP Technology Writer

Keeping your home computer's antivirus software updated is not just sensible it could be a way to demonstrate your patriotism.

Richard Clarke, the president's computer security adviser, said Wednesday that an upcoming national plan to protect cyberspace will include expectations for home users, as well as large companies and the government.

"Every American relies upon cyberspace and every American has to do something to secure their part of cyberspace," Clarke said of the plan, which will be released Sept. 19 in Silicon Valley.

Clarke said the plan, which is being hashed out among government officials with input from technology firms, is the Internet component to the national strategy for homeland defense announced by President Bush ( news - web sites) earlier this week.

The government is struggling with how to protect the nation's critical computer systems from attack by hackers and terrorists. Most of the country's most sensitive computers such as those that control water supplies, electrical power and financial institutions are run by private companies.

The cyberspace plan will include recommendations in five categories, Clarke said. Those are home and small-business users; major corporations; "sectors" like banking, utilities and the government; national issues; and global Internet issues.

The recommendations would not be mandated by law, Clarke said.

Clarke said the recommendations which currently number 77 but could change before the official announcement will include government-provided software and other tools to make them easier to implement. He declined to say what the specific recommendations are.

"It's designed to not just say (they) have a responsibility, but to empower them by giving them the tools," Clarke said.

Clarke spoke to reporters as well as government and corporate officials to announce government-wide standards for securing Microsoft's Windows 2000 ( news - web sites), the most commonly used operating system for government and corporate computers.

The Pentagon ( news - web sites), the National Security Agency and other private and government organizations devised the standards.

Collectively called the "Gold Standard," the package is a small program that probes computers for known security flaws and makes suggestions on how to eliminate holes used by hackers.

The unprecedented effort will have immediate impact.

All Defense Department computers will have to meet the standards immediately. The White House is considering making the rest of the government follow suit.

Experts say the keys to success will be extending the standards to home and business users, making them simple enough for the public to understand and ensuring they stay ahead of increasingly sophisticated computer attackers.

The effort has brought together some of the biggest names in business, including computer chipmaker Intel Corp., Chevron and Visa part of the group that helped create the standards and is encouraging their use.

The breadth of the problem is staggering. The technology research firm Gartner recently projected that through 2005, 90 percent of computer attacks will exploit known security flaws for which a solution is available but not installed.

The program released Wednesday checks a computer for such flaws and shows how to fix them.

Experts hope that private companies will adopt the standards as well and encourage software makers to ship their products in a more secure configuration.

Some government agencies, including the Air Force, are considering using their procurement power to require that vendors offer more secure versions of their software based on the standards.

"We want to transition the bulk of this work to the vendors," Air Force chief information officer John Gilligan said. "That's not an unreasonable expectation."