CIOs may have to sign IT security guarantee

Security: US government will demand security guarantees, expert warns

Security: US government will demand security guarantees, expert warns

IT directors may soon have to sign declarations guaranteeing that their systems are secure from attacks, a senior technology specialist has warned.

Paul Strassman, former chief information officer (CIO) at the US Department of Defense, warned IT directors they will soon have to take personal responsibility for the systems under their remit and be prepared to sign guarantees for the integrity of their networks.

His words came in the wake of the terrorist attacks in the US on 11 September.

With more companies moving their business onto the Internet, a virus attack which disabled corporate systems could have a devastating effect, and would be likely to be regarded as an act of terrorism, Strassman said.

"IT is a weapon for economic power. A terrorist's aim is to disable and paralyse, and the most obvious target for high pay-offs is the Internet. If you are working for a company with 5,000 servers and you have not put in the necessary protection, your system could be held responsible for generating damage," he warned.

"CIOs will have to sign to say their systems are secure, and they had better start getting ready for this. Would a CIO sign to certify that he has protected the company against Nimda today?"

Strassman, who maintains close links with the US government, said the authorities will be issuing new requirements and standards for security, and are likely to set up stringent measures to deal with those found negligent.

"The Government will have inspectors and sniffers to check for holes in your system, to check which servers can be penetrated," he said. Moves are already being made to clamp down on information security, and a number of companies have started disabling all floppy drives, he added.

Strassman has been in IT since 1955. In 1970 he formed the Xerox Information Services division, then in 1991 he became CIO of the US Department of Defense.

Read more on Antivirus, firewall and IDS products