X
Tech
Home Tech Security

Panel: No testing for security products

Security software and hardware makers should not have to submit their products for mandatory performance testing, a federal advisory council decides.
Written by Declan McCullagh, Contributor
Security software and hardware makers should not have to submit their products for mandatory performance testing, a federal advisory council said Wednesday.

Members of the National Infrastructure Advisory Council (NIAC), a presidentially appointed panel, voted during a conference call Wednesday afternoon to remove language from a draft cybersecurity report that could have required that all "security products that protect critical infrastructure" undergo strict review.

The advisory report is scheduled to be sent to President George W. Bush in the next month, and any legal requirements it recommends imposing on the private sector would have to be approved by Congress.

Union Pacific Chairman and CEO Richard Davidson, chairman of NIAC, began the call by saying that the performance testing requirement is "probably not as palatable to the IT companies and probably is a little too strong in terms of regulation recommendations."

Davidson's note of caution was echoed by Cisco Systems CEO John Chambers. "We found that mandatory testing and evaluation testing and procedures in the area of security is something that has actually slowed down innovation and is always two to three steps behind," Chambers said. He suggested that this could result in a regulation that meets a lowest common denominator requirement.

Akamai Technologies' George Conrades said he would support the government's taking a market approach--using its purchasing power--to oversight of the cybersecurity industry. This would help quell concerns about slowing down innovation, the company chairman and CEO said. Conrades also agreed with the removal of the word "mandatory" from the report.

Margaret Grayson, CEO of network security firm V-One, suggested that certain "products be required to interoperate with each other." Other NIAC members, including Chambers, spoke out against the proposal, and Grayson eventually amended the testing requirement to become only advisory.

President Bush created the NIAC by executive order in Oct. 2001, after the Sept. 11 terrorist attacks, and appointed most members to it a year later.

The crafting of the NIAC recommendations is linked to the unveiling in September of a draft White House proposal recommending that industry and individuals take greater care in securing data rather than recommending tough new laws and regulations requiring specific industry segments to secure themselves.

Editorial standards
Show Comments

Related

Logitech Mevo Core Streaming camera on a tripod on set

I fly 10 times a year. These 5 tech gadgets are lifesavers

The Nova launcher setup window.

Nova is my favorite Android home screen launcher - let me show you why

Placeholder product image alt text

The best AI image generators to try right now