WASHINGTON, Jan. 25 (UPI) -- The White House is seeking to improve the security of computer systems but is looking to the private sector to make the necessary changes without new laws from Washington, according to a White House official charged with helping to protect the nation's digital networks.
Paul Kurtz, senior director for national security on the President's Critical Infrastructure Protection Board -- which is part of the National Security Council -- told attendees at a Washington technology conference that the administration wanted to avoid creating new regulations.
"We want to stimulate market forces to find solutions to IT security issues," said Kurtz. "The private sector owns 80 to 90 percent of the critical infrastructure ... so if we don't have buy-in from the private sector we won't get anywhere. We won't have success."
Kurtz later told reporters that the administration also looks to market forces to address software vulnerabilities as opposed to having Congress pass a law establishing liability. The White House does favor, however, a change in the Freedom of Information Act so that companies would be more comfortable sharing information on their problems.
"We support relief from the Freedom of Information (Act)," Kurtz said. "The private sector, corporate America, small companies are saying, 'We want to share information with you (about cybersecurity problems) but we don't want it to come out another hole'."
The administration is developing a national strategy to enhance cybersecurity, which should be ready, early this summer. The strategy will be organized in part around different classes of users, Kurtz said, such as home users, large firms and small businesses. It would also look at issues by sector -- such as the finance and transportation sectors -- plus larger issues that impact the nation as a whole.
The plan would address the fact that attacks on U.S. computers can come from anywhere in the world. Efforts will be made to work with other nations Kurtz said, reiterating the White House's support for the Council of Europe Treaty. The U.S. signed the new cybercrime treaty on November 23 though full ratification remains to be done.
"The government is looking to the private sector to come up with standards to work with, said Marc Brailov, Public Relations Director for MicroStrategy, the conference sponsor. "The government doesn't have the technical expertise to (mandate standards). (Kurtz) understands that."
Brailov told United Press International that he thought, even once security standards were established, meeting them would be voluntary. "They are trying to avoid legislation," he said.
Kurtz asserted that firms would comply because it was in their best interest to do so. Brailov supported that view. "This is an issue that transcends competition. We all have an interest in this. Our industry is in sort of a unique position. We are a major player in coming up with solutions. We are also a major target."