WASHINGTON (Reuters) - Treasury Secretary Lawrence Summers warned corporate chiefs Tuesday that protecting their data from cyber threats was about to become a top priority in the United States.
He said he had no doubt that in 10 years information security would be ``an absolutely central priority in terms of management of business risk.''
``The only question is whether we will move to that in a smooth way or whether there will have been four or five spectacular failures which will have woken everybody up and gotten us to that point,'' Summers said.
He made his comments at a daylong White House conference aimed at spurring corporate attention to, and spending on, the threat of computer assaults. Attending the conference, the first in a six-part regional series, were experts on corporate governance, auditors and senior executives.
Commerce Secretary William Daley told the session that the Internet era marked ``the first time in American history the federal government alone cannot protect our infrastructure.''
``We can't hire a police force big enough to protect all of industry's key information assets,'' he said. ``Nor would you want us to.''
Instead, the Clinton administration has been pushing industry groups to share more data on network vulnerabilities both among themselves and with law enforcement and intelligence officials led by the Federal Bureau of Investigation. Summers cited the model of a center set up by 21 U.S. financial services firms last October.
The administration has stepped up its public expressions of concern since an assault in February disrupted online access for hours to such popular Web sites as Yahoo!, Amazon.com, eBay, E-Trade and others.
Possible threats range from youthful hackers and criminals to guerrilla groups. The administration also has frequently cited ``information warfare'' tactics that it says are under study by China, Russia and other countries.
National Security Threat
John Podesta, President Clinton's chief of staff, told the
conference that building safer computer security practices was
critical both to U.S. business and national security.
``And we are most successful when we work together as partners,'' he said.
Richard Clarke, the White House National Security Council staff coordinator for infrastructure protection and counterterrorism, said the government was willing to share intelligence on cyber threats with industry groups ``if we can establish classified'' channels for handling it.
But he said federal authorities were looking to the private sector to come up with information-security standards that might be required, for instance, to meet auditing guidelines or to get insurance.
In a report released at the conference, the Institute of Internal Auditors, which claims 70,000 members worldwide, said corporate directors had a responsibility to practice ``due care'' in overseeing information security practices.
``Any board that fails to address information security does so at the peril of the organization and itself,'' the Altamonte Springs, Florida-based, professional group said.