Tech Industry Works To Stem New Security Rules

WASHINGTON (AP) -- America's largest technology companies are working to persuade the Department of Homeland Security against consideration of costly new computer-security rules, arguing that companies already are taking aggressive steps to defend against hackers.

So far, industry has found a receptive audience. Homeland Security Secretary Tom Ridge was expected to solicit suggestions from executives Wednesday during an appearance at an industry conference in Santa Clara, Calif.

The administration already is reconsidering its support for a plan that would require publicly traded companies to describe their hacker defenses to securities regulators.

Ridge told executives last month it was "worthy and timely" to consider requiring companies to disclose to the Securities and Exchange Commission how well they're prepared for attacks. However, amid objections by industry groups, the government is reconsidering whether to involve the SEC.

"It is premature at this point to say that public companies need to have a disclosure requirement," said Robert Holleyman, chief executive for the Business Software Alliance, whose members include Microsoft Corp., Intel Corp., Apple Computer Inc., and Cisco Systems Inc.The proposal was among the earliest outgrowths of the Bush administration's strategy for securing cyberspace. The plan was heavily influenced by technology lobbyists when it was formally adopted earlier this year. Now lobbyists and others are getting a chance to rewrite the SEC legislation to make it more palatable.

Some observers are impressed with the behind-the-scenes influence of industry groups like the Information Technology Association of America and the Business Software Alliance in shaping the administration's most important computer-security policies.

"They've driven it in many ways. They've been very, very effective," said James Lewis, the technology policy director for the Center for Strategic and International Studies, a Washington think tank.

Homeland Security officials are sensitive to suggestions that the largest U.S. technology companies--concerned about the potential costs of new regulations--have exerted undue influence. But they defend working closely with executives, noting the industry's ownership of most computer networks and the U.S. government's hands-off preference toward most Internet concerns.

"We're clearly not catering to special interests," said Amit Yoran, the newly appointed director of the department's National Cyber Security Division and a former executive at the antivirus firm Symantec Corp., He added, "To not allow for industry associations to provide us with their input and their opinions would not be prudent. It would be irresponsible."Executives at the California conference already have established working groups to advise the Homeland Security Department on subjects that include how to set up early warning networks and encourage companies to design better software. One early idea under consideration: professional licenses for software writers, similar to those for doctors and engineers.