Massachusetts moves to develop first statewide program to Secure the Weak Link in Cyberspace:
Consumers, Small Businesses and Home Offices

Attorney General Tom Reilly, Bentley College and Massachusetts Software and Internet Council cosponsor public forum 

WALTHAM, MA—Massachusetts seeks to develop a model program that would be the first in the nation to help its citizens protect their home computers and small or home offices from unwittingly spreading viruses or serving as a launching pad for Internet attacks that threaten the economic or national security of the United States. Massachusetts Attorney General Tom Reilly, Bentley College and the Massachusetts Software & Internet Council launched the effort with a public forum, "Securing the Weak Link in Cyberspace" at Bentley College in Waltham.

    "We hope right here at Bentley College to begin to formulate a national model as to how we go about fixing this problem in cyberspace," said AG Reilly.  

    With the popularity of "always-on" Internet connections such as digital service line (DSL), broadband, wireless and satellite services, home and small business computer systems can be exploited by unauthorized intruders. Firewalls can protect these home and small business computers but consumers may not be aware of the need to install a firewall or anti-virus software or find the software inconvenient to use. At issue is how to implement the recommendations that consumers and small businesses should install appropriate security software, and what role industry should play in making it easier for home users and small businesses to obtain and update security software. The forum also explored how Massachusetts can do its part in implementing the National Strategy to Secure Cyberspace. The White House released the draft strategy on Sept 18, 2002.

    Commissioner Orson Swindle of the FTC delivered the keynote address. Swindle was appointed in Dec 2001 as head of the US Delegation to the Organization for Economic Cooperation and Development (OECD) Experts Group to review the 1992 OECD Guidelines for the Security of Information Systems and heads up the FTC's consumer security efforts.
     "There are 280 million people in our society and half of them are on computers," said Swindle. "So if we don't educate consumers, if we rely solely on networks in government and industry, we're very vulnerable." 

John Grossman, assistant attorney general and chief of corruption, fraud and computer crime for the state of Massachusetts, used case studies in discussing the consequences of the security weaknesses of consumer/SOHO systems. He emphasized the need for easy home computer security.  

     After a demonstration by Guardent Executive VP and Co-Founder Dan McCall of how so-called "hackers" can get into computer systems, a reaction panel tackled the question "How can Massachusetts do its part in implementing the President's "National Strategy to Secure Cyberspace?" Led by moderator Mary Culnan, Slade Professor of Management and Information Technology, Bentley College, panelists included Scott Charney, chief security strategist, Microsoft; Leigh Williams, senior vice president, Fidelity Investments; Jeffrey Seul, general counsel, Groove Networks; Barbara Anthony, director, Northeast Region, Federal Trade Commission; Richard M. Smith, Internet privacy and security consultant; and Scott Lebredo, senior technology manager, corporate security, Verizon. The panelists debated the obstacles that exist for consumer/SOHO users, issues surrounding installation and updating appropriate software, the responsibilities of Internet Service Providers (ISP's), and the appropriate role for the state and federal governments.

     "By bringing together representatives from law enforcement, academia, the high-tech sector and consumer groups, we are taking an important first step towards protecting Massachusetts computer users from the very serious threats that exist in cyberspace," AG Reilly said. "Today's goal is to determine the best and most effective ways to enhance the level of cybersecurity in Massachusetts and ensure that consumers and small businesses are protected when they go online."

    Failure to secure the rapidly growing segment of home users and small businesses poses a threat to both the national and economic security of the US as well as public confidence in the Internet. To date, no states haves announced plans to implement the President's Strategy, a draft of which is available at www.securecyberspace.gov (Implications for home users and small businesses may be found on pages 15-17 of the draft.) Computer attacks that can jeopardize the US are not limited to government agencies and large corporations. According to the draft national strategy, consumers and small businesses are vulnerable to cyber attacks that can damage files, software and operating systems, wiping out irreplaceable data; enable thieves to steal personal data and use it to apply for a credit card or other identification in the user's name; purchase goods online and have them shipped to a drop site; gain access to a home personal computer and insert a secret file that ends up on the company system; access customers' names and credit card numbers for the purpose of extortion; take over a computer system without the owner's knowledge and use it for malicious purposes; or access a user's email address book.     

    "The national draft strategy defines the problem but does not provide a roadmap for getting from the current state to the ideal, where all home users and small businesses employ appropriate security measures," said Bentley College Prof Mary Culnan, who served as a commissioner on the President's Commission on Critical Infrastructure Protection and the FTC’s Advisory Committee on Access and Security. "The question remains, how to build a partnership among the business community, government, academia and consumer groups to develop and promote solutions to the problem. The current efforts to promote cybersecurity cited by the draft strategy are largely informational websites that are unlikely to get the job done." 

Contact: Mike Bellwin, Bentley College, 781-891-2277; mbellwin@bentley.edu 

eNEWSLINE Home Page