This story was written by Keith Dawson for the Media Unspun email newsletter and is Copyright 2002 by Keith Dawson.
M E D I A   U N S P U N
Holes in the Cyber-Zone
2002-09-10

Like everyone else, reporters who cover cyber security looked back at the year since Sept. 11.

The Washington Post and CNET's News.com covered the release of a survey by the Internet Security Alliance indicating that nearly a third of the businesses responding felt their cyber security was not up to snuff. The Post pointed out that the survey's 227 respondents did not amount to a statistically significant population. News.com concluded its story with an analyst wondering what the IT managers at 70% of the respondents were smoking: "At least 30% were honest. The other 70% were either lying to the survey, lying to themselves, or completely disingenuous."

In a separate story, the Post looked forward to the release next week of a document called the National Strategy to Secure Cyberspace from the President's Office of Cyberspace Security. In true inside-the-Beltway fashion, the Post gave a blow-by-blow of the efforts of industry lobbyists to modify or remove particular items from the draft report.

The New York Times' John Schwartz filed a hefty story, nearly 1,800 words, examining a number of aspects of computer security over the past year. In one insight not covered elsewhere, Schwartz pointed out that the watershed date for cyber security was not last Sept. 11 but rather Sept. 18 -- the day the Nimda computer worm/virus was released on the Net. The story's overall assessment of the security situation was summed up in its lead: "Sounding the alarm is not the same as paying for a deadbolt on the door."

Columnist Paul Andrews wrote in the Seattle Times that Sept. 11 caused a shift in many companies from an emphasis on Web services to one of security. As a central example he pointed to Microsoft's soft-pedaling of its .Net initiative and its embrace of Bill Gates' "trusted computing" initiative. It's a neat theory, but marketplace forces had a lot to do with Microsoft's shift: customers found .Net incomprehensible (but scary), and they complained loud and long to Redmond about the never-ending string of security holes in Microsoft's products.

On the hardware front, Wall Street Journal reporter Don Clark covered an announcement from Intel's technology conference that the chipmaker plans to build security features into some future chips, in a program code-named "LaGrand." Clark compared LaGrand with a similar effort by Microsoft, dubbed "Palladium," to accomplish similar security goals in software. Clark pointed out that Intel's security functions were likely to work with other operating systems than Windows, "a choice likely to please Microsoft rivals." - Keith Dawson

Security pros: Our defenses need work
http://news.com.com/2100-1001-957219.html

Internet Security Not Pressing to All
http://www.washingtonpost.com/wp-dyn/articles/A54670-2002Sep8.html

Administration Pares Cyber-Security Plan
http://www.washingtonpost.com/wp-dyn/articles/A59168-2002Sep9.html

Year After 9/11, Cyberspace Door Is Still Ajar
http://www.nytimes.com/2002/09/09/technology/09SECU.html

Net security efforts going nowhere fast
http://seattletimes.nwsource.com/html/businesstechnology/134531870_paul09.html

Intel to Build Security Features Into Its Chips for First Time
http://online.wsj.com/article/0,,SB1031602346127772915,00.html
(Paid subscription required.)