All the latest UK technology news, reviews and analysis
|
|
|
17 Feb 2005
A series of heated exchanges at the RSA Conference left tempers frayed yesterday as experts debated the pros and cons of governments trying to regulate IT security.
Bruce Schneier, a cryptographer and IT security expert, Richard Clarke, former White House advisor on cyber-security, Harris Miller, president of the IT Association of America, and Rick White, president of TechNet, debated the role of regulation but found little common ground.
"We have a problem," said Clarke. "I opposed regulation in both the Bush and Clinton administrations. We now have some regulation and most of it does not work well."
He went on to state that, if he were grading the Bush government on its regulation progress, he would give it an 'F'.
Schneier, on the other hand, proved a fan of regulation, maintaining that it was the only way to get companies to write more secure code.
"What regulation does is change the trade-offs a company makes," he said. "The capitalist incentives are not in line with the results we want as a society. If we make it in a company's interests to make secure products, it will."
Schneier explained that companies would always choose to place less emphasis on security if it meant cutting into profits, and that the only way to reverse this is to make the penalties for insecure code greater than the cost savings of releasing insecure code.
But speaking for the industry, Miller strongly opposed further regulation. "Our industry is all about innovation and the concern we have is that regulation can be the enemy of innovation," he claimed.
"Even heavily regulated industries like the auto sector have problems. There are already plenty of laws on the books to deal with this."
The panellists found little to agree on, with the discussion turning heated on more than one occasion. Clarke finished his arguments with a warning on the consequences of inaction.
"Industries say that they don't want to be regulated; there's a surprise," he said. "Industry only responds when you threaten it with regulation. After a major incident there will be worse regulation than you have now."
Latest stories from Public Sector
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
IT Security Specialist Move in2 Solutions /Pre-Sales...
SOFTWARE ENGINEER - BERKS - to £34k plus package WAREHOUSE...
We currently have a position for a Senior Project Manager...
JAVA DEVELOPER TRANSPORT MANAGEMENT SYSTEMS / TMS...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?