SAN MATEO (02/16/2000) - IN A summit meeting with technology executives Tuesday, President Clinton said that last week's hacker attacks on high-profile Web sites, though serious, were no "electronic Pearl Harbor."
The president was speaking at a meeting between White House officials and heavyweights from the Internet industry. The meeting was held to discuss ways the government could work with the private sector to ward off future threats to e-commerce.
Clinton said just before the meeting that key measures for protecting against a rerun of last week's attacks include sharing information during attacks, but doing so with minimal government regulation and privacy infringements.
Companies attending Clinton's security session included hacking victims Yahoo, Etrade, Excite@Home, and eBay. Other attendees included representatives from AT&T, MCI WorldCom, Intel, Nortel, IBM, Sun, Hewlett-Packard, EDS, Internet Security Systems, America Online, Microsoft, 3Com, and Cisco.
Cisco's chief information officer Peter Solvik, who appeared with Clinton before the meeting, said the technology industry is counting on the government to provide leadership on high-level security issues.
"We look to the government to play an important role by coordinating this activity, ensuring its own systems are secure and continuing to support important R&D efforts," Solvik said.
Clinton was asked about reports that certain members of the financial sector suffered attacks, but he declined to provide any information.
After the closed-door meeting, Clinton's Chief of Staff John Podesta said the government likely would step up short- and long-term research and development efforts surrounding security.
The Clinton Administration also is considering the creation of an "institute" which would spearhead future partnership efforts between the government and the private sector, Podesta said. In forming the institute, federal officials may well use the government's handling of the millennium date change as a model, Podesta added.
Podesta and other officials also stressed at the meeting the need for heightened awareness - and more stringent use -- of the software tools available to thwart attacks.
Internet companies also need to "practice better [security] hygiene" and make sure the tools being used are set properly to detect attacks, Podesta said.
Also on the table at Tuesday's meeting was discussion of government prosecution of Internet-related crimes and the ability of FBI and other law enforcement organizations to deal with such incidents.
Roberto Medrano, general manager at Hewlett-Packard's Internet Security Division, was among the vendor representatives at President Clinton's cyberattack meeting Tuesday.
Medrano said he and most other attendees agreed with Clinton's suggestion that security and e-commerce vendors should work together to produce both offensive and defensive solutions to prevent future cyberattacks.
In what it said was a "complement" to President Clinton's cyberattack initiative, Computer Associates will organize the first "Internet Security Task Force" meeting at a hotel in Manhattan, N.Y. on Wednesday morning.
Vendor representatives from the security arena, management services, and e-commerce industries will meet at 10 a.m. EST to discuss an assortment of security issues and vulnerabilities involved with the Internet and its relationship to e-business, said Simon Perry, security business manager at Computer Associates.
Perry said the meeting will focus primarily on two areas: creating an "Internet readiness" security policy document for the e-businesses industry, and coming up with long-term solutions to ensure that the best Internet security technologies are in place, including software, hardware and managed services.
Perry was adamant that the task force will produce collaborative but independent opinions and reports, and that it will not serve as a new "product ground" for vendors.
"The whole issue of security and the Internet cannot be solved immediately," Perry said. "Once we agree on the areas that need to be addressed, everyone will have their idea of how to handle its scope. We invite, going forward, as many people as possible to bring their own solutions."
CMGI, eToys, Cisco Systems, PSInet, Digex, Travelocity, SabreTech, and Verio were all confirmed to attend Wednesday's inaugural Internet Security Task Force meeting, Perry said.
Margret Johnston, a correspondent for the IDG News Service, an InfoWorld affiliate, contributed to this report.
Jennifer Jones is an InfoWorld senior editor. Brian Fonseca is an InfoWorld reporter.